28 matches found
Publitas: CVE-2018-6389 exploitation - using scripts loader
An unauthenticated denial of service vulnerability in WordPress was discovered, tracked as CVE-2018-6389. By requesting a large number of JavaScript files through the load-scripts.php endpoint, an attacker could consume excessive resources on the server. This vulnerability could allow denial of...
Fastly VDP: CVE-2018-6389 exploitation - using scripts loader
Vulnerability description not provided...
U.S. Dept Of Defense: DoS at █████(CVE-2018-6389)
A vulnerability in WordPress allowed unauthenticated attackers to launch a denial of service attack by listing a large number of registered .js files from wp-includes/script-loader.php. The vulnerability was assigned CVE-2018-6389. Attackers could use this function to deplete server resources and...
U.S. Dept Of Defense: DoS at ████████ (CVE-2018-6389)
An unauthenticated attacker could cause a denial of service resource consumption on a WordPress site by using the large list of registered .js files to construct a series of requests to load every file many times. The vulnerability was registered as CVE-2018-6389...
Adobe: DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation
The researcher successfully exploited CVE-2018-6389 on https://research.adobe.com/. We appreciate the collaboration and the responsible disclosure...
Sifchain: Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation
There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details Detailed attack scenario is described for example here:...
MTN Group: [mtn.com.af] Multiple vulnerabilities allow to Application level DoS
Issue Description Unauthenticated attackers can cause a denial of service resource consumption by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times. The vulnerability is registered as CVE-2018-6389 76172...
MTN Group: CVE-2018-6389 exploitation - using scripts loader
Issue Description Unauthenticated attackers can cause a denial of service resource consumption by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times. The vulnerability is registered as CVE-2018-6389 76172...
BlockDev Sp. Z o.o: DoS of https://blog.makerdao.com/ via CVE-2018-6389
DoS of https://blog.makerdao.com/ via CVE-2018-6389...
Yelp: DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389
Description: There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details: Detailed attack scenario is described for example here:...
Nord Security: DoS of https://nordvpn.com/ via CVE-2018-6389 exploitation
There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details Detailed attack scenario is described for example here:...
OLX: load scripts DOS vulnerability
1 vulnerability description WordPress allows users to load multiple JS files and CSS files through load-scripts.php files at once. For example, https://wpwebsite.com/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-ui-core,editor&ver=4.9.1, file load-scripts.php will load jquery-ui-core and editor...
MariaDB: scripts loader (denial of service) vulnerability
1 vulnerability description WordPress allows users to load multiple JS files and CSS files through load-scripts.php files at once. For example, https://wpwebsite.com/wp-admin/load-scripts.php?c=1&load=jquery-ui-core,editor&ver=4.9.1, file load-scripts.php will load jquery-ui-core and editor files...
samoa-do-vip.randco.fr XSS vulnerability
Open Bug Bounty ID: OBB-683182 Description| Value ---|--- Affected Website:| samoa-do-vip.randco.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
WordPress < 4.9.5 Multiple Vulnerabilities
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.9.5. It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid109034; scriptversion"1.12";...
LocalTapiola: DoS of www.lahitapiolarahoitus.fi via CVE-2018-6389 exploitation
Description There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details Detailed attack scenario is described for example here:...
premium.wpmudev.org XSS vulnerability
Open Bug Bounty ID: OBB-569629 Description| Value ---|--- Affected Website:| premium.wpmudev.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Wordpress DoS Attack: CVE-2018-6389
Overview On February 5, an Israeli security researcher, Barak Tawily, discovered a Denial of Service DoS attack impacting all 3.x-4.x versions of the Wordpress content management platform. The vulnerability is currently unpatched and relies on a performance boosting feature in Wordpress allowing...
CVE-2018-6389
creationtimestamp| type| source ---|---|--- 2018-02-14 09:33:59+00:00| exploited| https://t.me/canyoupwnme/3262 2018-04-09 06:36:01+00:00| seen| https://t.me/codebysec/1344 2019-11-21 11:20:46+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/3397 2020-01-08 15:00:20+00:00|...
CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service resource consumption by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times...