WordPress MU 1.3.2 - active_plugins option Code Execution

WordPress MU 1.3.2 - activeplugins option Code Execution Website : http://www.buayacorp.com/ Advisory: http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html This exploit uses activeplugins option to execute arbitrary PHP / includeonce './class-snoopy.php'; // Fix Snoopy cla...

CVE-2007-1599

wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirectto parameter...

Information disclosure

wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirectto parameter...

CVE-2007-1599

wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirectto parameter...

CVE-2007-1599

CVE-2007-1599 affects WordPress and is documented across multiple connected sources. The vulnerability enables remote attackers to abuse wp-login.php by manipulating the redirect_to parameter to redirect authenticated users to external sites and potentially disclose sensitive information. The Deb...

CVE-2007-1599

wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirectto parameter...

CVE-2007-1599

wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirectto parameter...

Information disclosure

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks...

CVE-2007-0109

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks...

CVE-2005-2109

wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use...

CVE-2004-1584

CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter...

CVE-2004-1584

The CVE-2004-1584 entry maps to a CRLF/HTTP Response Splitting vulnerability in WordPress 1.2, exploitable via wp-login.php using the text parameter to modify server HTML output. Affected software is WordPress 1.2 (WordPress

WordPress <=1.2 - CRLF (Carriage Return Line Feed) injection

Because of this vulnerability in wp-login.php, attackers can perform HTTP Response Splitting attacks to modify expected HTML content from the server via the "text" parameter. Solution Update the WordPress to the latest available version at least 1.2.1...

CVE-2004-1584

CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter...

CVE-2004-1559

Multiple cross-site scripting XSS vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 redirectto, text, popupurl, or popuptitle parameters to wp-login.php, 2 redirecturl parameter to admin-header.php, 3 popuptitle, popupurl, content, or posttit...

WordPress < 1.2.1 'wp-login.php' HTTP Response Splitting

Binary data 2356.prm...

Multiple XSS Vulnerabilities in Wordpress 1.2

Vendor : Wordpress URL : http://wordpress.org/ Version : Wordpress 1.2 Risk : XSS Description: WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. ... Go to http://wordpress.org/ for detailed information. Cross Site...

WordPress 1.2 - wp-login.php Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.2 - wp-login.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize...

WordPress Core 1.2 - &#039;wp-login.php&#039; Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. Wordpress 1.2 is reported vulnerable, however, other...