oval:org.mitre.oval:def:8072
Definition Id: oval:org.mitre.oval:def:8072 | |||
Oval ID: | oval:org.mitre.oval:def:8072 | ||
Title: | DSA-1871 wordpress -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in wordpress, weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing atacks. It was discovered that remote attackers had the ability to trigger an application upgrade, which could lead to a denial of service attack. It was discovered that wordpress lacks authentication checks in the plugin configuration, which might leak sensitive information. It was discovered that wordpress lacks authentication checks in various actions, thus allowing remote attackers to produce unauthorised edits or additions. It was discovered that the administrator interface is prone to a cross-site scripting attack. It was discovered that remote attackers can gain privileges via certain direct requests. It was discovered that the _bad_protocol_once function in KSES, as used by wordpress, allows remote attackers to perform cross-site scripting attacks. It was discovered that wordpress lacks certain checks around user information, which could be used by attackers to change the password of a user. It was discovered that the get_category_template function is prone to a directory traversal vulnerability, which could lead to the execution of arbitrary code. It was discovered that the _httpsrequest function in the embedded snoopy version is prone to the execution of arbitrary commands via shell metacharacters in https URLs. It was discovered that wordpress relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier to perform attacks via crafted cookies. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1871 CVE-2008-6762 CVE-2008-6767 CVE-2009-2334 CVE-2009-2854 CVE-2009-2851 CVE-2009-2853 CVE-2008-1502 CVE-2008-4106 CVE-2008-4769 CVE-2008-4796 CVE-2008-5113 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | wordpress |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6513 | |||
Oval ID: | oval:org.mitre.oval:def:6513 | ||
Title: | Debian GNU/Linux 5.0 is installed | ||
Description: | Debian GNU/Linux 5.0 (lenny) is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:debian:debian_gnu/linux:5.0 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:8072 |
Definition Id: oval:org.mitre.oval:def:6461 | |||
Oval ID: | oval:org.mitre.oval:def:6461 | ||
Title: | Debian GNU/Linux 4.0 is installed. | ||
Description: | Debian GNU/Linux 4.0 (etch) is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:debian:debian_gnu/linux:4.0 | Version: | 9 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:8072 |