 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2014.0493 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2014-0493) |
| Resumen: | The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2014-0493 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2014-0493 advisory. Vulnerability Insight: XSS in wptexturize() via comments or posts, exploitable for unauthenticated users (CVE-2014-9031). XSS in media playlists (CVE-2014-9032). CSRF in the password reset process (CVE-2014-9033). Denial of service for giant passwords. The phpass library by Solar Designer was used in both projects without setting a maximum password length, which can lead to CPU exhaustion upon hashing (CVE-2014-9034). XSS in Press This (CVE-2014-9035). XSS in HTML filtering of CSS in posts (CVE-2014-9036). Hash comparison vulnerability in old-style MD5-stored passwords (CVE-2014-9037). SSRF: Safe HTTP requests did not sufficiently block the loopback IP address space (CVE-2014-9038). Previously an email address change would not invalidate a previous password reset email (CVE-2014-9039). Affected Software/OS: 'wordpress' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-9031 BugTraq ID: 71237 http://www.securityfocus.com/bid/71237 Debian Security Information: DSA-3085 (Google Search) http://www.debian.org/security/2014/dsa-3085 http://seclists.org/fulldisclosure/2014/Nov/62 http://www.mandriva.com/security/advisories?name=MDVSA-2014:233 http://klikki.fi/adv/wordpress.html http://openwall.com/lists/oss-security/2014/11/25/12 http://www.securitytracker.com/id/1031243 Common Vulnerability Exposure (CVE) ID: CVE-2014-9032 BugTraq ID: 71236 http://www.securityfocus.com/bid/71236 Common Vulnerability Exposure (CVE) ID: CVE-2014-9033 Common Vulnerability Exposure (CVE) ID: CVE-2014-9034 Common Vulnerability Exposure (CVE) ID: CVE-2014-9035 Common Vulnerability Exposure (CVE) ID: CVE-2014-9036 Common Vulnerability Exposure (CVE) ID: CVE-2014-9037 Common Vulnerability Exposure (CVE) ID: CVE-2014-9038 Common Vulnerability Exposure (CVE) ID: CVE-2014-9039 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |