CVE-2016-7169

Directory traversal vulnerability in the FileUploadUpgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter...

CVE-2016-7169

Directory traversal vulnerability in the FileUploadUpgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter...

CVE-2016-7169

Directory traversal vulnerability in the FileUploadUpgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter...

CVE-2016-7169

Directory traversal vulnerability in the FileUploadUpgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter...

CVE-2016-7169

Directory traversal vulnerability in the FileUploadUpgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter...

CVE-2016-7169

CVE-2016-7169 is a directory-traversal vulnerability in WordPress prior to 4.6.1. The flaw resides in the File_Upload_Upgrader class (wp-admin/includes/class-file-upload-upgrader.php) of the upgrade package uploader, allowing remote authenticated users to access arbitrary files via a crafted urlh...

[ASA-201609-32] wordpress: multiple issues

Arch Linux Security Advisory ASA-201609-32 ========================================== Severity: High Date : 2016-09-30 CVE-ID : CVE-2016-7168 CVE-2016-7169 Package : wordpress Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package wordpress...

[SECURITY] [DSA 3681-1] wordpress security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3681-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez September 29, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 633-1] wordpress security update

Package : wordpress Version : 3.6.1+dfsg-1deb7u12 CVE ID : CVE-2015-8834 CVE-2016-4029 CVE-2016-5836 CVE-2016-6634 CVE-2016-6635 CVE-2016-7168 CVE-2016-7169 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the...

wordpress: multiple issues

CVE-2016-7168 cross-site scripting A cross-site scripting vulnerability via an image filename, reported by SumOfPwm researcher Cengiz Han Sahin. - CVE-2016-7169 directory traversal A directory traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the...