
Test ID: 1.3.6.1.4.1.25623.1.0.64759
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1871-1)
Summary: The remote host is missing an update for the Debian 'wordpress' package(s) announced via the DSA-1871-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in wordpress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-6762

It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing attacks.

CVE-2008-6767

It was discovered that remote attackers had the ability to trigger an application upgrade, which could lead to a denial of service attack.

CVE-2009-2334

It was discovered that wordpress lacks authentication checks in the plugin configuration, which might leak sensitive information.

CVE-2009-2854

It was discovered that wordpress lacks authentication checks in various actions, thus allowing remote attackers to produce unauthorised edits or additions.

CVE-2009-2851

It was discovered that the administrator interface is prone to a cross-site scripting attack.

CVE-2009-2853

It was discovered that remote attackers can gain privileges via certain direct requests.

CVE-2008-1502

It was discovered that the _bad_protocol_once function in KSES, as used by wordpress, allows remote attackers to perform cross-site scripting attacks.

CVE-2008-4106

It was discovered that wordpress lacks certain checks around user information, which could be used by attackers to change the password of a user.

CVE-2008-4769

It was discovered that the get_category_template function is prone to a directory traversal vulnerability, which could lead to the execution of arbitrary code.

CVE-2008-4796

It was discovered that the _httpsrequest function in the embedded snoopy version allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.

CVE-2008-5113

It was discovered that wordpress relies on the PHP $_REQUEST superglobal array in certain dangerous situations, which makes it easier to perform attacks via crafted cookies.

For the oldstable distribution (etch), these problems have been fixed in version 2.0.10-1etch4.

For the stable distribution (lenny), these problems have been fixed in version 2.5.1-11+lenny1.

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 2.8.3-1.

We recommend that you upgrade your wordpress packages.
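As an added example (not code from this test or from the Debian advisory), the following Python reproduces the kind of version check a local security check performs for this advisory: it reads one constructed dpkg-query line, and compares the installed version against the fixed versions listed above using dpkg's ordering rules (epoch, then upstream, then revision, with '~' sorting below everything), so it also handles epochs and pre-release suffixes beyond the exact versions quoted. The dpkg-query format string and the sample lines are assumptions.

```python
import re
from itertools import zip_longest

# Fixed versions per Debian release, copied from the DSA-1871-1 text above.
FIXED_VERSIONS = {"etch": "2.0.10-1etch4", "lenny": "2.5.1-11+lenny1",
                  "squeeze": "2.8.3-1", "sid": "2.8.3-1"}

def _weight(c):
    # dpkg character weight in a non-digit run: end of string is 0, '~' sorts
    # below everything (so 2.8.3~rc1 < 2.8.3), letters before other symbols.
    return 0 if c is None else -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    # dpkg's verrevcmp: alternate non-digit runs (lexical by weight) and digit
    # runs (numeric) until both strings are exhausted.
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        for x, y in zip_longest(na, nb):
            if _weight(x) != _weight(y):
                return -1 if _weight(x) < _weight(y) else 1
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision
    # is the empty string, which compares equal to "0" under verrevcmp.
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare_debian_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def missing_update(dpkg_line, release):
    # dpkg_line: one line of dpkg-query -W -f='${Package} ${Version} ${Status}\n' (assumed format)
    pkg, version, *status = dpkg_line.split()
    if pkg != "wordpress" or status[-1:] != ["installed"]:
        return False  # absent or only config files left: nothing to update
    return compare_debian_versions(version, FIXED_VERSIONS[release]) < 0
```

A version that is merely equal to the fixed one is reported as patched; a package that is removed but still has config files is not reported, since there is nothing to update.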

Affected Software/OS:
'wordpress' package(s) on Debian 4, Debian 5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-1502
BugTraq ID: 28424
http://www.securityfocus.com/bid/28424
Debian Security Information: DSA-1691
http://www.debian.org/security/2008/dsa-1691
Debian Security Information: DSA-1871
http://www.debian.org/security/2009/dsa-1871
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html
http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml
http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625&r2=25110&pathrev=25110
http://www.openwall.com/lists/oss-security/2008/07/08/14
http://secunia.com/advisories/29491
http://secunia.com/advisories/30073
http://secunia.com/advisories/30986
http://secunia.com/advisories/31017
http://secunia.com/advisories/31018
http://secunia.com/advisories/31167
http://secunia.com/advisories/32400
http://secunia.com/advisories/32446
SuSE Security Announcement: SUSE-SR:2008:015
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html
https://usn.ubuntu.com/658-1/
http://www.vupen.com/english/advisories/2008/0989/references
XForce ISS Database: egroupware-badprotocolonce-security-bypass(41435)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41435
Common Vulnerability Exposure (CVE) ID: CVE-2008-4106
BugTraq ID: 31068
http://www.securityfocus.com/bid/31068
Bugtraq: 20080911 Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability
http://www.securityfocus.com/archive/1/496287/100/0/threaded
https://www.exploit-db.com/exploits/6397
https://www.exploit-db.com/exploits/6421
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00607.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00629.html
http://www.sektioneins.de/advisories/SE-2008-05.txt
http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
http://www.openwall.com/lists/oss-security/2008/09/11/6
http://marc.info/?l=oss-security&m=122152830017099&w=2
http://securitytracker.com/id?1020869
http://secunia.com/advisories/31737
http://secunia.com/advisories/31870
http://securityreason.com/securityalert/4272
http://www.vupen.com/english/advisories/2008/2553
Common Vulnerability Exposure (CVE) ID: CVE-2008-4769
BugTraq ID: 28845
http://www.securityfocus.com/bid/28845
http://trac.wordpress.org/changeset/7586
http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html
http://secunia.com/advisories/29949
XForce ISS Database: wordpress-cat-directory-traversal(41920)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41920
Common Vulnerability Exposure (CVE) ID: CVE-2008-4796
BugTraq ID: 31887
http://www.securityfocus.com/bid/31887
Bugtraq: 20080907 xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )
http://www.securityfocus.com/archive/1/496068/100/0/threaded
https://security.gentoo.org/glsa/201702-26
http://jvn.jp/en/jp/JVN20502807/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html
http://www.openwall.com/lists/oss-security/2008/11/01/1
http://secunia.com/advisories/32361
http://www.vupen.com/english/advisories/2008/2901
XForce ISS Database: snoopy-snoopyclass-command-execution(46068)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46068
Common Vulnerability Exposure (CVE) ID: CVE-2008-5113
http://openwall.com/lists/oss-security/2008/11/14/1
XForce ISS Database: wordpress-request-weak-security(46698)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46698
Common Vulnerability Exposure (CVE) ID: CVE-2008-6762
Bugtraq: 20081222 [ISecAuditors Security Advisories] Wordpress is vulnerable to an unauthorized upgrade and XSS
http://archives.neohapsis.com/archives/bugtraq/2008-12/0226.html
http://osvdb.org/52213
XForce ISS Database: wordpress-upgrade-phishing(50382)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50382
Common Vulnerability Exposure (CVE) ID: CVE-2008-6767
XForce ISS Database: wordpress-upgrade-sec-bypass(50384)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50384
Common Vulnerability Exposure (CVE) ID: CVE-2009-2334
BugTraq ID: 35584
http://www.securityfocus.com/bid/35584
Bugtraq: 20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
http://www.securityfocus.com/archive/1/504795/100/0/threaded
http://www.exploit-db.com/exploits/9110
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html
http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
http://www.osvdb.org/55712
http://www.osvdb.org/55715
http://securitytracker.com/id?1022528
http://www.vupen.com/english/advisories/2009/1833
Common Vulnerability Exposure (CVE) ID: CVE-2009-2851
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01241.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01253.html
http://www.openwall.com/lists/oss-security/2009/07/21/1
http://securitytracker.com/id?1022589
Common Vulnerability Exposure (CVE) ID: CVE-2009-2853
http://www.openwall.com/lists/oss-security/2009/08/04/5
Common Vulnerability Exposure (CVE) ID: CVE-2009-2854
Copyright: Copyright (C) 2009 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.