7 matches found
Debian: Security Advisory (DLA-1151-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1151-2] wordpress regression update
Package : wordpress Version : 3.6.1+dfsg-1deb7u19 Debian Bug : 881088 The fix for CVE-2017-14990 issued as DLA-1151-1 was incomplete and caused a regression. It was discovered that an additional database upgrade and further code changes would be necessary. At the moment these changes are deemed a...
Debian DLA-1151-2 : wordpress regression update
The fix for CVE-2017-14990 issued as DLA-1151-1 was incomplete and caused a regression. It was discovered that an additional database upgrade and further code changes would be necessary. At the moment these changes are deemed as too intrusive and thus the initial patch for CVE-2017-14990 has been...
[SECURITY] [DSA 3997-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3997-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 10, 2017 https://www.debian.org/security/faq -...
WordPress 4.8.2 Activation Key Failed Expiry Vulnerability
WordPress version 4.8.2 fails to have an expiration mechanism tied to activation keys allowing for eternal use. Details ================ Software: WordPress Version: 4.8.2 Homepage: https://wordpress.org/ Advisory report: https://security.dxw.com/advisories/wordpress-signups-activation/ CVE:...
WordPress 4.8.2 Activation Key Failed Expiry
Details ================ Software: WordPress Version: 4.8.2 Homepage: https://wordpress.org/ Advisory report: https://security.dxw.com/advisories/wordpress-signups-activation/ CVE: CVE-2017-14990 CVSS: 0 Low; AV:L/AC:H/Au:M/C:N/I:N/A:N Description ================ WordPress does not hash or expir...
CVE-2017-14990
WordPress 4.8.2 stores cleartext wpsignups.activationkey values but stores the analogous wpusers.useractivationkey values as hashes, which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access such as access gained through an unspecified...