Server side request forgery (ssrf)
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235...
CVE-2013-2199
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235...
CVE-2013-0235
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue...
Server side request forgery (ssrf)
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue...
CVE-2013-2199
The CVE-2013-2199 entry concerns a WordPress HTTP API vulnerability that permits SSRF-like behavior in WordPress before 3.5.2. Connected sources specify the issue as enabling remote servers to trigger HTTP requests to internal/intranet hosts via unspecified vectors, with a similar context to CVE-20...
WordPress < 3.5.2 Multiple Vulnerabilities
According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities: - The application contains a denial of service attack, affecting sites using password-protected posts. (CVE-2013-2173) - The application is affected by a server-side...
WordPress Update 3.5.2 Patches Seven Vulnerabilities
WordPress, which has been a jumping-off point for a number of targeted attacks and other high-profile hacks, has been updated and the latest version includes a number of security patches. Version 3.5.2, released late last week, includes seven security fixes and some additional hardening, accordin...
wordpress -- multiple vulnerabilities
The WordPress development team reports: Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site; Disallow contributors from improperly publishing posts; An update to the SWFUpload external library to fix cross-site scripting vulnerabilities...
WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)
WordPress < 3.5.2 Multiple Vulnerabilities
WordPress 'xmlrpc.php' pingback.ping Server-Side Request Forgery
The WordPress install hosted on the remote web server is affected by a server-side request forgery vulnerability because the 'pingback.ping' method used in 'xmlrpc.php' fails to properly validate source URIs (Uniform Resource Identifiers). A remote, unauthenticated attacker can exploit this issue t...
WordPress < 3.5.1 Multiple Vulnerabilities
According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities: - The application is affected by a server-side request forgery vulnerability in the 'pingback.ping' method used in 'xmlrpc.php'. This vulnerability can be used to expos...
FreeBSD : wordpress -- multiple vulnerabilities (559e00b7-6a4d-11e2-b6b0-10bf48230856)
WordPress reports: WordPress 3.5.1 also addresses the following security issues: - A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPres...
wordpress -- multiple vulnerabilities
WordPress reports: WordPress 3.5.1 also addresses the following security issues: A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress...
Server side request forgery (ssrf)
The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node type page" permission to access unpublished nodes via a direct request...
Server side request forgery (ssrf)
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...
Server side request forgery (ssrf)
The webnoderegister function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors...
Server side request forgery (ssrf)
Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response...
Server side request forgery (ssrf)
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response...
Server side request forgery (ssrf)
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...