author | gabor <gabor@FreeBSD.org> | 2007-06-09 23:07:22 +0800 |
committer | gabor <gabor@FreeBSD.org> | 2007-06-09 23:07:22 +0800 |
commit | 4b3d8b18ef7a7ef22733fdc1299d0e91297b3813 (patch) | |
tree | 73af15d0ea648602061233b23c2c64ddd6699ba8 /security/vuxml | |
parent | 88ab643878e4cbe78026c30e9624702319a4984f (diff) | |
wordpress -- XMLRPC SQL Injection
wordpress -- unmoderated comments disclosure
Reviewed by: simon
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 7e99dc615a74..605e1fb8ad73 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,77 @@ Note: Please add new entries to the beginning of this file.
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="0838733d-1698-11dc-a197-0011098b2f36">
+ <topic>wordpress -- XMLRPC SQL Injection</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <name>de-wordpress</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/25552/">
+ <p>Slappter has discovered a vulnerability in WordPress, which can
+ be exploited by malicious users to conduct SQL injection
+ attacks.</p>
+ <p>Input passed to the "wp.suggestCategories" method in xmlrpc.php
+ is not properly sanitised before being used in SQL queries. This
+ can be exploited to manipulate SQL queries by injecting arbitrary
+ SQL code.</p>
+ <p>Successful exploitation allows e.g. retrieving usernames and
+ password hashes, but requires valid user credentials and knowledge
+ of the database table prefix.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>24344</bid>
+ <url>http://secunia.com/advisories/25552/</url>
+ </references>
+ <dates>
+ <discovery>2007-06-06</discovery>
+ <entry>2007-06-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6a31cbe3-1695-11dc-a197-0011098b2f36">
+ <topic>wordpress -- unmoderated comments disclosure</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <name>de-wordpress</name>
+ <range><gt>0</gt></range>
+ </package>
+ <package>
+ <name>de-wordpress</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Blogsecurity reports:</p>
+ <blockquote cite="http://blogsecurity.net/news/news-310507/">
+ <p>An attacker can read comments on posts that have not been
+ moderated. This can be a real security risk if blog admins
+ are using unmoderated comments (comments that have not been
+ made public) to hide sensitive notes regarding posts, future
+ work, passwords etc. So please be careful if you are one of
+ these blog admins.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://blogsecurity.net/news/news-310507/</url>
+ </references>
+ <dates>
+ <discovery>2007-06-01</discovery>
+ <entry>2007-06-09</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="12b7286f-16a2-11dc-b803-0016179b2dd5">
 <topic>webmin -- cross site scripting vulnerability</topic>
 <affects> |
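Review bot: The second entry's `<affects>` lists de-wordpress twice: its first `<package>` already names both `<name>wordpress</name>` and `<name>de-wordpress</name>`, and a second `<package>` block then repeats `<name>de-wordpress</name>` with the same range, so the four lines from that second `<package>` through its `</package>` should be dropped, matching the single-package form used in the first entry. Both entries also declare `<range><gt>0</gt></range>` with no upper bound, so every installed wordpress/de-wordpress version, including any later release that fixes these issues, will keep being reported as vulnerable until an `<lt>` bound is added; if the fixed version is known at commit time it should be recorded here, otherwise a follow-up update of both ranges is needed. The file header and the neighbouring webmin entry lie outside this hunk.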