4943 matches found

Tenable Nessus
added 2017/01/23 12:0 a.m. | 27 views

Fedora 24 : wordpress (2017-01c3288bef)

WordPress 4.7.1 Security and Maintenance Release This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues : - Remote code execution RCE in PHPMailer No specific iss...

AI score 6
Exploits 0 | References 3

Hacker One
added 2017/01/21 3:54 p.m. | 22 views

Mail.ru: SSRF on https://target.my.com/

SSRF via submitting URL redirecting to internal resource to REST API method of target.my.com. target.my.com is not currently in the Bug Bounty scope, bounty was issued due to potential impact on different services and infrastructure...

AI score 6.9
Exploits 0

Tenable Nessus
added 2017/01/18 12:0 a.m. | 324 views

WordPress < 4.7.1 Multiple Vulnerabilities

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.7.1. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to...

CVSS 9.8 | AI score 8 | EPSS 0.99714
Exploits 66 | References 13

OSV
added 2017/01/15 2:59 a.m. | 6 views

DEBIAN-CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVSS 5.3 | AI score 6.4 | EPSS 0.87299
Exploits 7 | References 1

NVD
added 2017/01/15 2:59 a.m. | 19 views

CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVSS 5.3 | AI score 6 | EPSS 0.87299
Exploits 7 | References 9

OSV
added 2017/01/15 2:59 a.m. | 23 views

CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVSS 5.3 | AI score 6.2
Exploits 0 | References 9

Prion
added 2017/01/15 2:59 a.m. | 24 views

Cross site request forgery (csrf)

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVSS 5 | AI score 5.1 | EPSS 0.87299
Exploits 7 | References 9 | Affected Software 1

CVE
added 2017/01/15 2:0 a.m. | 1152 views

CVE-2017-5487

CVE-2017-5487 affects WordPress 4.7.x prior to 4.7.1. The REST API endpoint wp-json/wp/v2/users does not properly restrict author listings, allowing unauthenticated remote access to usernames and related information. Root cause: insufficient access control on author listings in the REST API. Impa...

CVSS 5.3 | AI score 6.5 | EPSS 0.87299
Exploits 7 | References 9 | Affected Software 1

Debian CVE
added 2017/01/15 2:0 a.m. | 40 views

CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVSS 5.3 | AI score 6.8 | EPSS 0.87299
Exploits 7

Hacker One
added 2017/01/12 4:42 p.m. | 47 views

Nextcloud: User Information Disclosure via REST API

Hello, I found out that you are using WP 4.6.2 on your domain which is outdated. https://nextcloud.com/readme.html Description:- WordPress versions 4.7 and earlier are affected by multiple security issues. Kindly check https://wpvulndb.com/wordpresses/462 for the vulnerabilities and in detailed...

AI score 1.1
Exploits 0

Hacker One
added 2017/01/12 10:20 a.m. | 89 views

ownCloud: User Information Disclosure via REST API

Hello, REST-API, allows anonymous access to functionality that allows a hacker to list all users who have published a post on a WordPress site. Unfortunately, this generally includes the admin account POC: https://owncloud.com/wp-json/wp/v2/users/ https://owncloud.com/wp-json/wp/v2/users/1/ Kind...

AI score 2.9
Exploits 0

WPVulnDB
added 2017/01/11 12:0 a.m. | 73 views

WordPress 4.7 - User Information Disclosure via REST API

PoC http://www.example.com/wp-json/wp/v2/users...

CVSS 5 | AI score 7.3 | EPSS 0.87299
Exploits 7 | References 3 | Affected Software 1

wpexploit
added 2017/01/11 12:0 a.m. | 120 views

WordPress 4.7 - User Information Disclosure via REST API

http://www.example.com/wp-json/wp/v2/users...

CVSS 5 | AI score 7.7 | EPSS 0.87299
Exploits 7 | References 3

Prion
added 2017/01/10 11:59 a.m. | 13 views

Server side request forgery (ssrf)

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via...

CVSS 10 | AI score 7.1 | EPSS 0.03989
Exploits 0 | References 2 | Affected Software 1

NVD
added 2017/01/10 11:59 a.m. | 22 views

CVE-2016-10126

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via...

CVSS 10 | AI score 9.4 | EPSS 0.03989
Exploits 0 | References 2

CVE
added 2017/01/10 11:0 a.m. | 49 views

CVE-2016-10126

CVE-2016-10126 affects Splunk Enterprise and Splunk Web: multiple 5.0.x/6.x releases are vulnerable to remote HTTP request injection that can leak REST API authentication tokens via unspecified vectors (aka SPL-128840). Affected versions include 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x bef...

CVSS 10 | AI score 9.3 | EPSS 0.03989
Exploits 0 | References 2 | Affected Software 1

0day.today
added 2017/01/05 12:0 a.m. | 21 views

WordPress Stop User Enumeration 1.3.4 User Enumeration Vulnerability

WordPress Stop User Enumeration plugin version 1.3.4 fails to stop user enumeration. Details ================ Software: Stop User Enumeration Version: 1.3.4 Homepage: https://wordpress.org/plugins/stop-user-enumeration/ Advisory report:...

AI score 7
Exploits 0

Packet Storm
added 2017/01/04 12:0 a.m. | 70 views

WordPress Stop User Enumeration 1.3.4 User Enumeration

Details ================ Software: Stop User Enumeration Version: 1.3.4 Homepage: https://wordpress.org/plugins/stop-user-enumeration/ Advisory report: https://security.dxw.com/advisories/stop-user-enumeration-does-not-stop-user-enumeration/ CVE: Awaiting assignment CVSS: 5 Medium;...

AI score 7.4
Exploits 0

NVD
added 2016/12/29 9:59 a.m. | 18 views

CVE-2016-7462

The Suite REST API in VMware vRealize Operations aka vROps 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization...

CVSS 8.5 | AI score 8 | EPSS 0.02045
Exploits 0 | References 4

CVE
added 2016/12/29 9:2 a.m. | 62 views

CVE-2016-7462

CVE-2016-7462 affects VMware vRealize Operations (vROps) 6.x prior to 6.4.0. The REST API deserialization vulnerability allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload mishandled during deserialization. VM...

CVSS 8.5 | AI score 7.9 | EPSS 0.02045
Exploits 0 | References 4 | Affected Software 1