3369 matches found
CVE-2006-6017
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object...
CVE-2006-5705
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request...
WordPress < 2.0.3 Arbitrary Code Injection
Binary data 3647.prm...
WordPress < 2.0.1 Arbitrary Script Injection
Binary data 3435.prm...
wordpress1512.txt
GulfTech Security Research June 28th, 2005 Vendor : WordPress URL : http://wordpress.org/ Version : WordPress 1.5.1.2 && Earlier Risk : Multiple Vulnerabilities Description: WordPress is a very popular personal publishing platform aka blog software, and is used by everyone from celebrities, to...
wpcmdexec.pl.txt
#!/usr/bin/perl -w Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server vulnerabilities I discovered to extract a password hash & use that hash to execute shell...
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11984/info Wordpress is reported vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These issues are due to a lack of proper sanitization o...
WordPress 'wp-login.php' HTTP Response Splitting
According to its banner, the remote version of WordPress is vulnerable to an HTTP-splitting attack wherein an attacker can insert CR LF characters and then entice an unsuspecting user into accessing the URL. The client will parse and possibly act on the secondary header which was supplied by the...
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. Wordpress 1.2 is reported vulnerable, however, other...