Lucene search
GoogleOSV:DSA-1871-1HistoryAug 23, 2009 - 12:00 a.m.
wordpress - several vulnerabilities
2009-08-2300:00:00
Google
osv.dev
15
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.183 Low
EPSS
Percentile
95.5%
Several vulnerabilities have been discovered in wordpress, weblog
manager. The Common Vulnerabilities and Exposures project identifies the
following problems:
- CVE-2008-6762
It was discovered that wordpress is prone to an open redirect
vulnerability which allows remote attackers to conduct phishing atacks. - CVE-2008-6767
It was discovered that remote attackers had the ability to trigger an
application upgrade, which could lead to a denial of service attack. - CVE-2009-2334
It was discovered that wordpress lacks authentication checks in the
plugin configuration, which might leak sensitive information. - CVE-2009-2854
It was discovered that wordpress lacks authentication checks in various
actions, thus allowing remote attackers to produce unauthorised edits or
additions. - CVE-2009-2851
It was discovered that the administrator interface is prone to a
cross-site scripting attack. - CVE-2009-2853
It was discovered that remote attackers can gain privileges via certain
direct requests. - CVE-2008-1502
It was discovered that the _bad_protocol_once function in KSES, as used
by wordpress, allows remote attackers to perform cross-site scripting
attacks. - CVE-2008-4106
It was discovered that wordpress lacks certain checks around user
information, which could be used by attackers to change the password of
a user. - CVE-2008-4769
It was discovered that the get_category_template function is prone to a
directory traversal vulnerability, which could lead to the execution of
arbitrary code. - CVE-2008-4796
It was discovered that the _httpsrequest function in the embedded snoopy
version is prone to the execution of arbitrary commands via shell
metacharacters in https URLs. - CVE-2008-5113
It was discovered that wordpress relies on the REQUEST superglobal array
in certain dangerous situations, which makes it easier to perform
attacks via crafted cookies.
For the oldstable distribution (etch), these problems have been fixed in
version 2.0.10-1etch4.
For the stable distribution (lenny), these problems have been fixed in
version 2.5.1-11+lenny1.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 2.8.3-1.
We recommend that you upgrade your wordpress packages.
References
Related
debian
debian
[SECURITY] [DSA 1871-2] New wordpress packages fix regression
2009-08-27 01:39:01
[SECURITY] [DSA 1871-1] New wordpress packages fix several vulnerabilities
2009-08-23 03:41:14
[SECURITY] [DSA 1691-1] New moodle packages fix several vulnerabilities
2008-12-22 08:27:17
osv
osv
wordpress - regression fix
2009-08-23 00:00:00
Moodle vulnerable to Cross-site scripting
2022-05-01 23:40:50
moodle - several vulnerabilities
2008-12-22 00:00:00
openvas
openvas
Debian Security Advisory DSA 1871-2 (wordpress)
2009-09-02 00:00:00
Debian Security Advisory DSA 1871-1 (wordpress)
2009-09-02 00:00:00
Debian Security Advisory DSA 1871-1 (wordpress)
2009-09-02 00:00:00
nessus
nessus
Debian DSA-1871-1 : wordpress - several vulnerabilities
2010-02-24 00:00:00
Fedora 9 : wordpress-2.6.3-1.fc9 (2008-9257)
2008-11-07 00:00:00
seebug
seebug
WordPress wp-admin้ๆๆ็ฎก็่ฎฟ้ฎๆผๆด
2009-09-02 00:00:00
WordPress wp-admin/admin.phpๆจกๅ้่ฏฏๆ้ๆฃๆฅๆผๆด
2009-07-10 00:00:00
patchstack
patchstack
WordPress <= 2.6.9 - Open Redirection
2009-04-28 00:00:00
WordPress <= 2.6.9 - Denial Of Service Attacks
2009-04-28 00:00:00
WordPress <= 2.6.3 - Cross Site Request Forgery
2008-11-17 00:00:00
cve
cve
ubuntucve
ubuntucve
prion
prion
Server side request forgery (ssrf)
2009-04-28 16:30:00
Design/Logic Flaw
2008-10-30 20:56:00
Cross site request forgery (csrf)
2008-11-17 23:30:00
debiancve
debiancve
fedora
fedora
[SECURITY] Fedora 9 Update: moodle-1.9.3-3.fc9
2008-11-08 02:11:18
[SECURITY] Fedora 10 Update: moodle-1.9.3-4.fc10
2008-12-21 08:37:43
[SECURITY] Fedora 8 Update: wordpress-2.6.3-1.fc8
2008-11-07 02:51:55
jvn
jvn
JVN#20502807 Snoopy command injection vulnerability
2008-10-28 00:00:00
dsquare
dsquare
WordPress 2.8.3 RCE
2012-05-10 00:00:00
Moodle <= 1.8.4 RCE
2012-01-26 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_MOODLE_REXEC
2008-03-25 19:44:00
ubuntu
ubuntu
Moodle vulnerability
2008-10-23 00:00:00
github
github
Moodle vulnerable to Cross-site scripting
2022-05-01 23:40:50
veracode
veracode
Privilege Escalation
2019-01-15 09:15:43
Remote Code Execution (RCE)
2019-01-15 09:15:14
packetstorm
packetstorm
Feed2JS File Disclosure
2014-07-05 00:00:00
Nagios Core Curl Command Injection / Code Execution
2016-12-15 00:00:00
Core Security Technologies Advisory 2009.0515
2009-07-08 00:00:00
myhack58
myhack58
securityvulns
securityvulns
gentoo
gentoo
eGroupWare: Multiple vulnerabilities
2008-05-07 00:00:00
Nagios: Multiple vulnerabilities
2017-02-21 00:00:00
threatpost
threatpost
Nagios Core Patches Root, RCE Vulnerabilities
2016-12-16 11:00:13
exploitpack
exploitpack
ibm
ibm
Security Bulletin: Vulnerabilities in nagios affect PowerKVM
2018-06-18 01:38:44
exploitdb
exploitdb
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.183 Low
EPSS
Percentile
95.5%
Related for OSV:DSA-1871-1