Debian Wordpress vulnerabilities
360 known vulnerabilities affecting debian/wordpress.
Total CVEs: 360
CISA KEV: 0
Public exploits: 67
Exploited in wild: 3
Severity breakdown: CRITICAL 21, HIGH 56, MEDIUM 201, LOW 82
Vulnerabilities
CVE-2009-2334 | LOW | CVSS 4.9 | PoC | fixed in wordpress 2.8.3-1 (bookworm) | 2009
CVE-2009-2334 [MEDIUM] CVE-2009-2334: wordpress - wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require a...
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.
debian
CVE-2009-2432 | LOW | CVSS 5.0 | fixed in wordpress 2.8.3-1 (bookworm) | 2009
CVE-2009-2432 [MEDIUM] CVE-2009-2432: wordpress - WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensiti...
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
Scope: local
bookworm: resolved (fixed in 2.8.3-1)
bullseye: resolved (fixed in 2.8.3-1)
forky: resolved (fixed in 2.8.3-1)
sid: resolved (fixed in 2.8.3-1)
trixie: resolved
debian
CVE-2009-3891 | LOW | CVSS 3.5 | fixed in wordpress 2.8.6-1 (bookworm) | 2009
CVE-2009-3891 [LOW] CVE-2009-3891: wordpress - Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress...
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).
Scope: local
bookworm: resolved (fixed in 2.8.6-1)
bullseye: resolved (fixed in 2.8.6-1)
forky: resolved (fixed in 2.8.6-1)
sid: resolved (fixed in 2.8.
debian
CVE-2009-3890 | LOW | CVSS 6.0 | PoC | fixed in wordpress 2.8.6-1 (bookworm) | 2009
CVE-2009-3890 [MEDIUM] CVE-2009-3890: wordpress - Unrestricted file upload vulnerability in the wp_check_filetype function in wp-i...
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this at
debian
CVE-2008-4769 | CRITICAL | CVSS 9.3 | PoC | fixed in wordpress 2.5.1-1 (bookworm) | 2008
CVE-2008-4769 [CRITICAL] CVE-2008-4769: wordpress - Directory traversal vulnerability in the get_category_template function in wp-in...
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
Scope: local
bookworm: resolved (fixed in 2
debian
CVE-2008-2146 | HIGH | CVSS 7.5 | fixed in wordpress 2.2.3-1 (bookworm) | 2008
CVE-2008-2146 [HIGH] CVE-2008-2146: wordpress - wp-includes/vars.php in WordPress before 2.2.3 does not properly extract the cur...
wp-includes/vars.php in WordPress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.
Scope: local
bookworm: resolved (fixed in 2.2.3-1)
bullseye: resolved (fixed in 2.2.3-1)
forky: resolved (fixed in 2.2.3-1)
sid: resolved (fixed in 2.2.3-1)
t
debian
CVE-2008-0196 | MEDIUM | CVSS 5.0 | PoC | fixed in wordpress 2.3.3-1 (bookworm) | 2008
CVE-2008-0196 [MEDIUM] CVE-2008-0196: wordpress - Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier all...
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow rem
debian
CVE-2008-4796 | MEDIUM | CVSS 10.0 | fixed in libphp-snoopy 1.2.4-1 (bookworm) | 2008
CVE-2008-4796 [CRITICAL] CVE-2008-4796: libphp-snoopy - The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier...
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
Scope: local
bookworm: resolved (fixed in 1.2.4-1)
bullsey
debian
CVE-2008-1502 | MEDIUM | CVSS 4.3 | fixed in wordpress 2.5.0-1 (bookworm) | 2008
CVE-2008-1502 [MEDIUM] CVE-2008-1502: wordpress - The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as u...
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
Scope: local
bookworm: resolved (fixed in 2.5.0-1)
bullseye: resolve
debian
CVE-2008-5113 | MEDIUM | CVSS 4.0 | fixed in wordpress 2.5.1-10 (bookworm) | 2008
CVE-2008-5113 [MEDIUM] CVE-2008-5113: wordpress - WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous sit...
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue
debian
CVE-2008-0193 | MEDIUM | CVSS 4.3 | PoC | fixed in wordpress 2.1.0-1 (bookworm) | 2008
CVE-2008-0193 [MEDIUM] CVE-2008-0193: wordpress - Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11...
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.
Scope: local
bookworm: resolved (fixed in 2.1.0-1)
bullseye: resolved (fixed in 2.1.0-1)
forky: res
debian
CVE-2008-0192 | MEDIUM | CVSS 4.3 | PoC | fixed in wordpress 2.0.10-1 (bookworm) | 2008
CVE-2008-0192 [MEDIUM] CVE-2008-0192: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earli...
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.
Scope: local
bookworm: resolved (fixed in 2.0.10-1)
bullseye: resolved (fixed in 2.0.10-1)
forky: resolved (fixed in 2.0.10-1)
sid: resol
debian
CVE-2008-4106 | MEDIUM | CVSS 5.1 | fixed in wordpress 2.5.1-8 (bookworm) | 2008
CVE-2008-4106 [MEDIUM] CVE-2008-4106: wordpress - WordPress before 2.6.2 does not properly handle MySQL warnings about insertion o...
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then re
debian
CVE-2008-2068 | MEDIUM | CVSS 4.3 | fixed in wordpress 2.5.1-1 (bookworm) | 2008
CVE-2008-2068 [MEDIUM] CVE-2008-2068: wordpress - Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attacker...
Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 2.5.1-1)
bullseye: resolved (fixed in 2.5.1-1)
forky: resolved (fixed in 2.5.1-1)
sid: resolved (fixed in 2.5.1-1)
trixie: resolved (fixed in 2.5.1-1)
debian
CVE-2008-1930 | MEDIUM | CVSS 9.8 | fixed in wordpress 2.5.1-1 (bookworm) | 2008
CVE-2008-1930 [CRITICAL] CVE-2008-1930: wordpress - The cookie authentication method in WordPress 2.5 relies on a hash of a concaten...
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptogra
debian
CVE-2008-0664 | MEDIUM | CVSS 6.4 | fixed in wordpress 2.3.3-1 (bookworm) | 2008
CVE-2008-0664 [MEDIUM] CVE-2008-0664: wordpress - The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registra...
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
Scope: local
bookworm: resolved (fixed in 2.3.3-1)
bullseye: resolved (fixed in 2.3.3-1)
forky: resolved (fixed in 2.3.3-1)
sid: resolved (fixed in 2.3.3-1)
trixie: resolved (fixed in 2.3.3-
debian
CVE-2008-0194 | MEDIUM | CVSS 6.0 | fixed in wordpress 2.1.0-1 (bookworm) | 2008
CVE-2008-0194 [MEDIUM] CVE-2008-0194: wordpress - Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and ear...
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.
Scope: local
bookworm: resolved (fi
debian
CVE-2008-1304 | LOW | CVSS 4.3 | PoC | 2008
CVE-2008-1304 [MEDIUM] CVE-2008-1304: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow rem...
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: r
debian
CVE-2008-2392 | LOW | CVSS 9.0 | fixed in wordpress 2.5.1-4 (bookworm) | 2008
CVE-2008-2392 [CRITICAL] CVE-2008-2392: wordpress - Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allo...
Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
Scope: local
bookworm: resolved (fixed in 2.5.1-4)
bullseye: resolved (fixed in 2.5.1-4)
forky: resolved (fixed in 2.5.1-4)
sid: resolved (f
debian
CVE-2008-6762 | LOW | CVSS 4.3 | fixed in wordpress 2.8.3-1 (bookworm) | 2008
CVE-2008-6762 [MEDIUM] CVE-2008-6762: wordpress - Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x...
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.
Scope: local
bookworm: resolved (fixed in 2.8.3-1)
bullseye: resolved (fixed in 2.8.3-1)
forky: resolved (fixed in 2.8.3-1)
sid: resolved (fixed in 2.8.3-1
debian