 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2005-4463 |
| Description: | WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp- content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp- admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form- comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu- header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.56657 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-4463 Bugtraq: 20051220 [ECHO_ADV_24$2005] Full path disclosure on WordPress < 1.5.2 (Google Search) http://www.securityfocus.com/archive/1/419999/100/0/threaded Bugtraq: 20051221 [ECHO_ADV_24$2005] Full path disclosure on WordPress < 1.5.2 (Google Search) http://www.securityfocus.com/archive/1/419994/100/0/threaded Bugtraq: 20060227 WordPress 2.0.1 Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/426304/100/0/threaded http://NeoSecurityTeam.net/advisories/Advisory-17.txt http://echo.or.id/adv/adv24-theday-2005.txt http://securityreason.com/securityalert/286 |