
9 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-4356

Malware in sbrugna...

CVSS: 4, AI score: 6.1, EPSS: 0.00204
Exploits: 1, References: 4

securityvulns
added 2013/02/04 12:0 a.m., 70 views

Re: Wordpress Pingback Port Scanner

Hi Chris! It's good that you've drawn attention to the possibility of port scanning and made nice software for abusing this WP feature. But I want to remind you about another vulnerability in XML-RPC, which I disclosed in 2012. The most important hole in WordPress XML-RPC is Brute Force...

AI score: 6.9
Exploits: 0

OSV
added 2012/09/14 7:55 p.m., 5 views

CVE-2012-4421

The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...

AI score: 6.1
Exploits: 0, References: 4

OSV
added 2012/09/14 7:55 p.m., 1 views

DEBIAN-CVE-2012-4421

The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...

CVSS: 4, AI score: 6.7, EPSS: 0.00204
Exploits: 1, References: 1

Prion
added 2012/09/14 7:55 p.m., 13 views

Design/Logic Flaw

The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...

CVSS: 4, AI score: 6.7, EPSS: 0.00204
Exploits: 1, References: 3, Affected Software: 1

Debian CVE
added 2012/09/14 7:0 p.m., 31 views

CVE-2012-4421

The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...

CVSS: 4, AI score: 4.5, EPSS: 0.00204
Exploits: 1

CVE
added 2012/09/14 7:0 p.m., 124 views

CVE-2012-4421

CVE-2012-4421 affects WordPress versions before 3.4.2. The vulnerability is in the function create_post in wp-includes/class-wp-atom-server.php, which does not perform a capability check. This allows remote authenticated users with the Contributor role to bypass intended access restrictions and p...

CVSS: 4, AI score: 6.2, EPSS: 0.00204
Exploits: 1, References: 3, Affected Software: 1

Tenable Nessus
added 2012/09/12 12:0 a.m., 31 views

WordPress < 3.4.2 Multiple Vulnerabilities

According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities:
- The application is affected by an unspecified bug that affects multisite installs with untrusted users.
- The application is affected by an unspecified vulnerability...

CVSS: 4, AI score: 5.5, EPSS: 0.0024
Exploits: 2, References: 4

securityvulns
added 2012/04/09 12:0 a.m., 64 views

XSS and Brute Force vulnerabilities in WordPress

Hello 3APA3A! I am informing you about Cross-Site Scripting and Brute Force vulnerabilities in WordPress. XSS WASC-08: In 2007 I wrote about redirectors http://websecurity.com.ua/1152/ in WordPress http://websecurity.com.ua/1179/, for which I released a patch in MustLive Security Pack v.1.0.5...

AI score: 5.8
Exploits: 0