Test ID: | 1.3.6.1.4.1.25623.1.1.10.2013.0198 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2013-0198) |
Summary: | The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2013-0198 advisory. |
Description: |
Summary: The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2013-0198 advisory.

Vulnerability Insight:

A denial of service flaw was found in the way WordPress, a blog tool and publishing platform, performed hash computation when checking the password for password-protected blog posts. A remote attacker could provide a specially-crafted input that, when processed by the password checking mechanism of WordPress, would lead to excessive CPU consumption (CVE-2013-2173).

Inadequate SSRF protection for HTTP requests where the user can provide a URL can allow for attacks against the intranet and other sites. This is a continuation of work related to CVE-2013-0235, which was specific to SSRF in pingback requests and was fixed in 3.5.1 (CVE-2013-2199).

Inadequate checking of a user's capabilities could allow them to publish posts when their user role should not allow for it, and to assign posts to other authors (CVE-2013-2200).

Inadequate escaping allowed an administrator to trigger a cross-site scripting vulnerability through the uploading of media files and plugins (CVE-2013-2201).

The processing of an oEmbed response is vulnerable to an XXE (CVE-2013-2202).

If the uploads directory is not writable, error message data returned via XHR will include a full path to the directory (CVE-2013-2203).

Content Spoofing in the MoxieCode (TinyMCE) MoxiePlayer project (CVE-2013-2204).

Cross-domain XSS in SWFUpload (CVE-2013-2205).

Affected Software/OS: 'wordpress' package(s) on Mageia 2, Mageia 3.

Solution: Please install the updated package(s).

CVSS Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
Cross-Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-2173
Bugtraq: 20130613 Re: WordPress 3.5.1, Denial of Service
http://archives.neohapsis.com/archives/bugtraq/2013-06/0052.html
Debian Security Information: DSA-2718
http://www.debian.org/security/2013/dsa-2718
https://github.com/wpscanteam/wpscan/issues/219
https://vndh.net/note:wordpress-351-denial-service
http://openwall.com/lists/oss-security/2013/06/12/2
Common Vulnerability Exposure (CVE) ID: CVE-2013-2199
Common Vulnerability Exposure (CVE) ID: CVE-2013-2200
Common Vulnerability Exposure (CVE) ID: CVE-2013-2201
Common Vulnerability Exposure (CVE) ID: CVE-2013-2202
Common Vulnerability Exposure (CVE) ID: CVE-2013-2203
Common Vulnerability Exposure (CVE) ID: CVE-2013-2204
Common Vulnerability Exposure (CVE) ID: CVE-2013-2205
BugTraq ID: 60759
http://www.securityfocus.com/bid/60759 |
Copyright | Copyright (C) 2022 Greenbone AG |