9 matches found
Mageia: Security Advisory (MGASA-2013-0285)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated wordpress and php-phpmailer packages fix security vulnerabilities
wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations CVE-2013-4338. WordPress before 3.6.1 does not properly validate URLs before...
Debian DSA-2757-1 : wordpress - several vulnerabilities
Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches...
[SECURITY] [DSA 2757-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2757-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez September 14, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2757-1 (wordpress - several vulnerabilities)
Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches...
DSA-2757-1 wordpress - several
Bulletin has no description...
CVE-2013-5738
The getallowedmimetypes function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfilteredhtml capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting XSS attacks via a crafted file...
UBUNTU-CVE-2013-5738
The getallowedmimetypes function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfilteredhtml capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting XSS attacks via a crafted file...
CVE-2013-5738
WordPress up to version 3.6.0 is affected by CVEs-2013-5738 and -5739. The vulnerability stems from wp-includes/functions.php:get_allowed_mime_types, which does not require the unfiltered_html capability for .htm/.html uploads, potentially enabling remote authenticated users to trigger XSS via a ...