Debian Wordpress vulnerabilities
360 known vulnerabilities affecting debian/wordpress.
Total CVEs: 360
CISA KEV: 0
Public exploits: 67
Exploited in wild: 3
Severity breakdown: CRITICAL 21, HIGH 56, MEDIUM 201, LOW 82
Vulnerabilities
CVE-2008-3747 | LOW | CVSS 7.5 | fixed in wordpress 2.5.1-6 (bookworm) | 2008
CVE-2008-3747 [HIGH] CVE-2008-3747: wordpress - The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-include...
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
Scope: local
bookworm: resolved (fixed in 2.5.1-6)
bullseye: resolved (fixed in
debian
CVE-2008-7220 | LOW | CVSS 7.5 | fixed in asterisk 1:1.6.2.0~rc3-1 (bullseye) | 2008
CVE-2008-7220 [HIGH] CVE-2008-7220: asterisk - Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before...
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
Scope: local
bullseye: resolved (fixed in 1:1.6.2.0~rc3-1)
sid: resolved (fixed in 1:1.6.2.0~rc3-1)
debian
CVE-2008-5695 | LOW | CVSS 8.5 | PoC | fixed in wordpress 2.3.2 (bookworm) | 2008
CVE-2008-5695 [HIGH] CVE-2008-5695: wordpress - wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earli...
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
Scope: local
bookworm: resolved
debian
CVE-2008-5278 | LOW | CVSS 4.3 | fixed in wordpress 2.5.1-11 (bookworm) | 2008
CVE-2008-5278 [MEDIUM] CVE-2008-5278: wordpress - Cross-site scripting (XSS) vulnerability in the self_link function in the RSS...
Cross-site scripting (XSS) vulnerability in the self_link function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
Scope: local
bookworm: resolved (fixed in 2.5.1-11)
bullseye: resolved (fixed in 2.5.1-11)
forky: resolved (fixed i
debian
CVE-2008-6767 | LOW | CVSS 10.0 | fixed in wordpress 2.8.3-1 (bookworm) | 2008
CVE-2008-6767 [CRITICAL] CVE-2008-6767: wordpress - wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to up...
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.
Scope: local
bookworm: resolved (fixed in 2.8.3-1)
bullseye: resolved (fixed in 2.8.3-1)
forky: resolved (fixed in 2.8.3-1)
sid: resolved (fixed in 2.8.3-1)
trixie: resolved (fix
debian
CVE-2008-0191 | LOW | CVSS 5.0 | 2008
CVE-2008-0191 [MEDIUM] CVE-2008-0191: wordpress - WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive informatio...
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2008-4671 | LOW | CVSS 4.3 | PoC | 2008
CVE-2008-4671 [MEDIUM] CVE-2008-4671: wordpress - Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress M...
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2008-3233 | LOW | CVSS 4.3 | PoC | 2008
CVE-2008-3233 [MEDIUM] CVE-2008-3233: wordpress - Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN developmen...
Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2008-0195 | LOW | CVSS 5.0 | fixed in wordpress 2.1.0-1 (bookworm) | 2008
CVE-2008-0195 [MEDIUM] CVE-2008-0195: wordpress - WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive informa...
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.
Scope: local
bookworm: resolved (fixed in 2.1.0-1)
bullseye: resolved (fixed in 2.1.0-1)
forky: resolved (fixed in 2.1.0-1)
sid: resolved (fixed in 2.
debian
CVE-2007-2714 | CRITICAL | CVSS 10.0 | PoC | fixed in wordpress 2.2-1 (bookworm) | 2007
CVE-2007-2714 [CRITICAL] CVE-2007-2714: wordpress - Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2,...
Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.
Scope: local
bookworm: resolved (fixed in 2.2-1)
bullseye: resolved (fixed in 2.2-1)
forky: resolved (fixed in 2.2-1)
sid: resolved (fixed in 2.2-1)
trixie: resolved (fixed in 2.2-1)
debian
CVE-2007-0262 | HIGH | CVSS 7.8 | fixed in wordpress 2.0.8-1 (bookworm) | 2007
CVE-2007-0262 [HIGH] CVE-2007-0262: wordpress - WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m ...
WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.
Scope: local
bookworm: resolved (fixed in 2.0.8-1)
debian
CVE-2007-3215 | HIGH | CVSS 6.8 | fixed in libphp-phpmailer 1.73-4 (bookworm) | 2007
CVE-2007-3215 [MEDIUM] CVE-2007-3215: libphp-phpmailer - PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execu...
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
Scope: local
bookworm: resolved (fixed in 1.73-4)
bullseye: resolved (fixed in 1.73-4)
forky: resolved (fixed in 1.73-4)
sid: resolved (fixed in 1.73-4)
trixie: resolved (fi
debian
CVE-2007-2821 | HIGH | CVSS 7.5 | PoC | fixed in wordpress 2.2-1 (bookworm) | 2007
CVE-2007-2821 [HIGH] CVE-2007-2821: wordpress - SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 a...
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.
Scope: local
bookworm: resolved (fixed in 2.2-1)
bullseye: resolved (fixed in 2.2-1)
forky: resolved (fixed in 2.2-1)
sid: resolved (fixed in 2.2-1)
trixie: resolved (fixed in 2.2-1)
debian
CVE-2007-3543 | MEDIUM | CVSS 6.0 | fixed in wordpress 2.2.1-1 (bookworm) | 2007
CVE-2007-3543 [MEDIUM] CVE-2007-3543: wordpress - Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress M...
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
Scope
debian
CVE-2007-0107 | MEDIUM | CVSS 6.8 | PoC | fixed in wordpress 2.0.6-1 (bookworm) | 2007
CVE-2007-0107 [MEDIUM] CVE-2007-0107: wordpress - WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate char...
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
Scope: local
bookworm: resolved (fixed in 2.0.6-1)
bullseye: resolved (fixed in 2.0.
debian
CVE-2007-1894 | MEDIUM | CVSS 4.3 | fixed in wordpress 2.1.3-1 (bookworm) | 2007
CVE-2007-1894 [MEDIUM] CVE-2007-1894: wordpress - Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in ...
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
Scope: local
bookworm: resolved (fixed in 2.1.3-1)
bullseye: resolved (fixed in 2.1.3-1)
forky: resolved (fixed in 2.1.3-1)
sid: resolved (fixed in
debian
CVE-2007-3639 | MEDIUM | CVSS 4.0 | fixed in wordpress 2.2.2-1 (bookworm) | 2007
CVE-2007-3639 [MEDIUM] CVE-2007-3639: wordpress - WordPress before 2.2.2 allows remote attackers to redirect visitors to other web...
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-inc
debian
CVE-2007-3140 | MEDIUM | CVSS 6.5 | PoC | fixed in wordpress 2.2.1-1 (bookworm) | 2007
CVE-2007-3140 [MEDIUM] CVE-2007-3140: wordpress - SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authent...
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
Scope: local
bookworm: resolved (fixed in 2.2.1-1)
bullseye: resolved (fixed in 2.2.1-1)
forky: resolved (fixed in 2.2.1-1)
sid: re
debian
CVE-2007-1897 | MEDIUM | CVSS 6.5 | PoC | fixed in wordpress 2.1.3-1 (bookworm) | 2007
CVE-2007-1897 [MEDIUM] CVE-2007-1897: wordpress - SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and proba...
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
Scope: local
bookworm: resolved (fixed in 2.1.3-1)
bullseye: resolved (fixed in 2.1.3-1)
forky:
debian
CVE-2007-1230 | MEDIUM | CVSS 4.3 | fixed in wordpress 2.1.2-1 (bookworm) | 2007
CVE-2007-1230 [MEDIUM] CVE-2007-1230: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php...
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.
Scope: local
bookworm: resolved (fixed in 2.1.2-1)
bullseye: resolved (fixed in 2.1.2-1)
forky: r
debian