wordpress
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
WordPress Privileges Unchecked in admin.php and Multiple Information
Disclosures
1. *Advisory Information*
Hello Bugtraq!
I want to warn you about security vulnerabilities in WordPress which I
published on 30.07.2010 during my Day of bugs in WordPress 2 project.
------------------------------
Advisory: Day of bugs in WordPress 2: Information Leakage and Full path
disclosure vulnerabilities in WordPress
------------------------------
URL: http://websecurity.com.ua/4419/
Hello Bugtraq!
I want to warn you about new security vulnerabilities in WordPress which I
published on 30.07.2010 during my Day of bugs in WordPress 2 project. This
is the second advisory for this project.
------------------------------
Advisory: Day of bugs in WordPress 2: CSRF, Information Leakage and Full
path disclosure vulnerabilities in WordPress
------------------------------
Trustwave's SpiderLabs Security Advisory TWSL2012-002:
Multiple Vulnerabilities in WordPress
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
Published: 1/24/12
Version: 1.0
Vendor: WordPress (http://wordpress.org/)
Product: WordPress
Terribly sorry, gmail messed up the GPG signature. Hope this one can
get through.
=== WordPress Charset SQL Injection Vulnerability ===
Release date: 2007-12-10
Last modified: 2007-12-10
Source: Abel Cheung <abelcheung at gmail dot com>
Affected version: WordPress <= 2.3.1
www.sektioneins.de
-= Security Advisory =-
Advisory: Wordpress user_login Column SQL Truncation Vulnerability
Release Date: 2008/09/12
Last Modified: 2008/09/12
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: Wordpress <= 2.6.1
Hello Bugtraq!
I want to warn you about Cross-Site Scripting, Full path disclosure,
Information Leakage, Directory Traversal, Arbitrary File Deletion and Denial
of Service vulnerabilities in WordPress.
For all these attacks it is necessary to have access to an admin account, or
to have an account with rights for working with plugins, or to attack an admin
or other user with the required rights via XSS to find out the token which is
designed to protect against CSRF attacks.
- Severity: Moderately High
=============================================
I. VULNERABILITY
-------------------------
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
II. BACKGROUND
-------------------------
WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards,
and usability. WordPress is both free and priceless at the same time. More simply, WordPress is
Hello Bugtraq!
I want to inform readers of the list about a new project - Day of bugs in
WordPress 2 - which I'll conduct on 30.07.2010, which I already announced
today on my site.
After conducting the Month of Search Engines Bugs
(http://websecurity.com.ua/category/moseb/) in June 2007 and Month of Bugs
in Captchas (http://websecurity.com.ua/category/mobic/) in November 2007, I
switched to smaller and less time-consuming, but still very interesting
WORDPRESS 2.5 - SALT CRACKING VULNERABILITY
-------------------------------------------
http://xiam.menteslibres.org/pages/advisories/wordpress-2-5-salt-cracking-vulnerability
By J. Carlos Nieto <xiam@menteslibres.org>
http://xiam.menteslibres.org
Severity
========
Medium. It affects only a determinate part of the WordPress users under
specific conditions.
Wordpress 2.5 Cookie Integrity Protection Vulnerability
Original release date: 2008-04-25
Last revised: 2008-04-25
Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-integrity.txt
CVE ID: CVE-2008-1930
Source: Steven J. Murdoch <http://www.cl.cam.ac.uk/users/sjm217/>
Systems Affected:
-----------------------------------------------------------------------
Talsoft S.R.L. Security Advisory
WordPress User IDs and User Names Disclosure
-----------------------------------------------------------------------
I. Advisory information
Title: WordPress User IDs and User Names Disclosure
Advisory Id: TALSOFT-2011-0526
Advisory URL: http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure
Date published: 2011-05-26
http://www.debian.org/security/ Steffen Joeris
August 27, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : wordpress
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2008-6762 CVE-2008-6767 CVE-2009-2334 CVE-2009-2854
CVE-2009-2851 CVE-2009-2853 CVE-2008-1502 CVE-2008-4106
http://site/templates/example_template.php?data[poweredby]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Original article (in Russian): http://securityvulns.ru/Sdocument784.html
Additional details (in Ukrainian): http://websecurity.com.ua/1694/
2. Wordpress multiple security vulnerabilities:
2.1 information disclosure (WordPress 2.2/2.3)
Invalid request discloses database structure and local paths:
Debian Security Advisory DSA-1871-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
August 23, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : wordpress
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2008-6762 CVE-2008-6767 CVE-2009-2334 CVE-2009-2854
CVE-2009-2851 CVE-2009-2853 CVE-2008-1502 CVE-2008-4106
- Severity: 2/5
=============================================
I. VULNERABILITY
-------------------------
Wordpress is vulnerable to an unauthorized upgrade and XSS
II. BACKGROUND
-------------------------
WordPress started in 2003 with a single bit of code to enhance the
typography of everyday writing and with fewer users than you can count
===== noXSS.org Security Advisory ======
Advisory: WordPress XSS vulnerability in RSS Feed Generator
Author: Jeremias Reith <jr@noxss.org>
Published: 2008/11/25
Affected: WordPress < 2.6.5
Summary
=======
Debian Security Advisory DSA-1502-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
February 22, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : wordpress
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-3238 CVE-2007-2821 CVE-2008-0193 CVE-2008-0194
- Severity: 6.3/10 (CVSS scored)
=============================================
I. VULNERABILITY
-------------------------
WordPress MU < 2.7 'Host' HTTP Header Cross Site Scripting (XSS)
Vulnerability
II. BACKGROUND
-------------------------
WordPress MU, or multi-user, allows to run unlimited blogs with a
Below is a digest of vulnerabilities in multiple CAPTCHA systems. All
vulnerabilities were reported by MustLive (websecurity.com.ua) during
"The Month of Bugs in CAPTCHA"
1. Peter’s Custom Anti-Spam Image < 2.9 (Wordpress plugin)
1.1 "antiselect" value can be guessed with 10% probability.
1.2 Same check pairs may be used for multiple postings
According to vendor both problems were addressed in Version 2.9.0 on
Hello Bugtraq!
I want to warn you about vulnerabilities in WordPress.
-----------------------------
Advisory: Vulnerabilities in WordPress
-----------------------------
URL: http://websecurity.com.ua/4016/
-----------------------------
Timeline:
On Fri, Jul 01, 2011 at 11:23:40AM +0200, SEC Consult Vulnerability Lab wrote:
> SEC Consult Vulnerability Lab Security Advisory < 20110701-0 >
> =======================================================================
> title: Multiple SQL Injection Vulnerabilities
> product: WordPress
> vulnerable version: 3.1.3/3.2-RC1 and probably earlier versions
> fixed version: 3.1.4/3.2-RC3
> impact: Medium
> homepage: http://wordpress.org/
> found: 2011-06-21
* Attack Method: Known Vulnerability
* Attack Method: Insufficient Authentication
* Attack Method: SQL Injection
* Country: UK
* Outcome: Downtime
* Software: WordPress
* Vertical: Education
I am sure that the guys at Light Blue Touchpaper have the expertise to
protect their WordPress installation, but they don't have the time. They
made the compromise between ease of management of their web site and its
> * Attack Method: Known Vulnerability
> * Attack Method: Insufficient Authentication
> * Attack Method: SQL Injection
> * Country: UK
> * Outcome: Downtime
> * Software: WordPress
> * Vertical: Education
>
> I am sure that the guys at Light Blue Touchpaper have the expertise to
> protect their WordPress installation, but they don't have the time. They
> made the compromise between ease of management of their web site and its
SEC Consult Vulnerability Lab Security Advisory < 20110701-0 >
=======================================================================
title: Multiple SQL Injection Vulnerabilities
product: WordPress
vulnerable version: 3.1.3/3.2-RC1 and probably earlier versions
fixed version: 3.1.4/3.2-RC3
impact: Medium
homepage: http://wordpress.org/
found: 2011-06-21
by: K. Gudinavicius
>
>
> ---------- Forwarded message ----------
> From: Kousuke Ebihara <kousuke@co3k.org>
> Date: Fri, Feb 17, 2012 at 2:31 AM
> Subject: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)
> To: Rodrigo Branco <rbranco@checkpoint.com>
> Cc: "full-disclosure@lists.grok.org.uk" <full-disclosure@lists.grok.org.uk
My point-of-view is that anything can be made "insecure". The
WordPress issue is avoidable by just configuring the server to common
standards of not displaying errors in a production environment. That
seems pretty simple. I can see instances where I would want the
software to reveal the path if needed to troubleshoot a WP instance.
That can be done in a controlled test environment by allowing errors
to be displayed through PHP.
Removing functionality to get around configuring the environment
properly seems counterproductive.
-------------------------
WP-Forum <= 2.3 SQL Injection & Blind SQL Injection vulnerabilities
II. BACKGROUND
-------------------------
WP-Forum is a discussion forum plugin for WordPress. It works with
WordPress 2+ version and PHP >= 5.0
III. DESCRIPTION
-------------------------
WP-Forum fails to sanitize user-supplied input and is vulnerable to