Debian Wordpress vulnerabilities
360 known vulnerabilities affecting debian/wordpress.
Total CVEs: 360
CISA KEV: 0
Public exploits: 67
Exploited in wild: 3
Severity breakdown: CRITICAL 21 | HIGH 56 | MEDIUM 201 | LOW 82
Vulnerabilities
Page 17 of 18
CVE-2007-3238 | LOW | CVSS 4.3 | fixed in wordpress 2.2.2-1 (bookworm) | 2007
CVE-2007-3238 [MEDIUM]: wordpress - Cross-site scripting (XSS) vulnerability in functions.php in the default theme i...
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Admi
debian
CVE-2007-0109 | LOW | CVSS 5.0 | fixed in wordpress 2.0.6-1 (bookworm) | 2007
CVE-2007-0109 [MEDIUM]: wordpress - wp-login.php in WordPress 2.0.5 and earlier displays different error messages if...
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
Scope: local
bookworm: resolved (fixed in 2.0.6-1)
bullseye: resolved (fixed in 2.0.6-1)
forky: resolved (fixed in 2.0.6-1)
sid: resolved (fixed in 2.0.6-1)
trixie:
debian
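The defect in CVE-2007-0109 is a login handler whose failure message depends on whether the account exists. The following added example (not code from WordPress or from this page) shows the leaky pattern next to a version that returns one message and does one amount of hashing work on every failure; the user table, salt and hashing function are constructed for the illustration.

```python
import hashlib
import hmac

# Constructed user table for this example (not real credentials). The hashing
# function is a stand-in; the point is the two code paths, not the algorithm.
_SALT = b"constructed-example-salt"

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 20_000)

USERS = {"alice": _hash("correct horse battery")}

# Hash of a throwaway password, used so the unknown-user path does the same
# amount of work as the known-user path (no timing side channel either).
_DUMMY_HASH = _hash("not-a-real-password")

def login_leaky(user: str, password: str) -> str:
    """The pattern the entry describes: the message reveals whether the user exists."""
    if user not in USERS:
        return "ERROR: Wrong username."
    if not hmac.compare_digest(USERS[user], _hash(password)):
        return "ERROR: Incorrect password."
    return "OK"

def login_uniform(user: str, password: str) -> str:
    """One message and one amount of work for every failure."""
    stored = USERS.get(user, _DUMMY_HASH)
    match = hmac.compare_digest(stored, _hash(password))
    if match and user in USERS:          # the dummy hash must never log anyone in
        return "OK"
    return "ERROR: Invalid username or password."

def enumerates_users(login) -> bool:
    """True if the login function lets an attacker tell a missing user from a bad password."""
    return login("nobody", "guess") != login("alice", "guess")
```

The `user in USERS` check after the comparison matters: without it, a request for a non-existent user with the dummy password would match the dummy hash.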
CVE-2007-6013 | LOW | CVSS 9.8 | fixed in wordpress 2.5.0-1 (bookworm) | 2007
CVE-2007-6013 [CRITICAL]: wordpress - Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a passwo...
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Scope: local
bookworm: resolved (fixed in 2.5.0-1)
bullseye: resolved (fixed in 2.5.0-1)
forky: resolved (fixed in
debian
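CVE-2007-6013 is a key-management failure rather than a hash-strength one: if the cookie is a function of the stored hash alone, anyone holding a copy of the user table can mint a valid session without cracking anything. The added example below (not WordPress code; the page does not describe the fix, this is the general mitigation) reproduces the pre-2.5 construction, forges a cookie from a leaked hash, and then shows a keyed, expiring cookie that the same leak cannot forge. `SECRET_KEY` is an assumed per-site secret that lives outside the database.

```python
import hashlib
import hmac

SECRET_KEY = b"constructed-server-secret"   # assumption: kept in config, not in the database

def stored_hash(password: str) -> str:
    # Mirrors what the entry describes for the database column: md5(password).
    return hashlib.md5(password.encode()).hexdigest()

def cookie_pre25(user: str, db_hash: str) -> str:
    # Cookie tag = md5(stored hash). Every input lives in the database row.
    return f"{user}|{hashlib.md5(db_hash.encode()).hexdigest()}"

def verify_pre25(cookie: str, users: dict) -> bool:
    user, tag = cookie.split("|", 1)
    if user not in users:
        return False
    expected = hashlib.md5(users[user].encode()).hexdigest()
    return hmac.compare_digest(tag, expected)

def cookie_keyed(user: str, db_hash: str, expires: int, key: bytes = SECRET_KEY) -> str:
    # Tag depends on a secret the database does not hold, and on an expiry time.
    msg = f"{user}|{expires}|{db_hash}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{user}|{expires}|{tag}"

def verify_keyed(cookie: str, users: dict, now: int, key: bytes = SECRET_KEY) -> bool:
    try:
        user, expires, tag = cookie.split("|")
        expires = int(expires)
    except ValueError:
        return False
    if user not in users or expires < now:
        return False
    msg = f"{user}|{expires}|{users[user]}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)

def forge_from_leaked_hash(user: str, db_hash: str, now: int) -> tuple:
    """Attacker knows only the database row. Returns (old scheme accepted, keyed scheme accepted)."""
    users = {user: db_hash}
    old_ok = verify_pre25(cookie_pre25(user, db_hash), users)
    # Without SECRET_KEY the attacker can only guess; a wrong key gives a wrong tag.
    forged = cookie_keyed(user, db_hash, now + 3600, key=b"attacker-guess")
    keyed_ok = verify_keyed(forged, users, now)
    return old_ok, keyed_ok
```

Binding the tag to the stored hash as well as the key means a password change still invalidates outstanding cookies, which a key-only tag would not do.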
CVE-2007-0541 | LOW | CVSS 5.0 | fixed in wordpress 2.1.0-1 (bookworm) | 2007
CVE-2007-0541 [MEDIUM]: wordpress - WordPress allows remote attackers to determine the existence of arbitrary files,...
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog
debian
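Two things go wrong in CVE-2007-0541: the pingback handler is willing to treat a local path as a "source", and it reports a different fault depending on what it found there. The added example below (not WordPress code; the fault code is constructed) validates the source URI before anything touches the filesystem or network and returns one fault for every rejected source, so there is no oracle. It also generalises the check to loopback, private and link-local addresses, which the page does not mention but which matter for the same reason.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed fault code for this example. The entry notes the original returned
# different codes for existing and non-existing files; that difference is the oracle.
FAULT_BAD_SOURCE = 16

def pingback_source_ok(source_uri: str) -> bool:
    """Accept only absolute http(s) URLs to a non-local host; never consult the filesystem."""
    parts = urlsplit(source_uri)
    if parts.scheme.lower() not in ("http", "https"):
        return False        # rejects file:, bare paths such as /etc/passwd, scheme-less input
    host = parts.hostname
    if not host or host == "localhost":
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A hostname: resolve it and re-run these address rules immediately before the
        # fetch, otherwise DNS can point the name back at 127.0.0.1 after this check.
        return True
    return not (addr.is_loopback or addr.is_private or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified)

def handle_pingback(source_uri: str, target_uri: str) -> tuple:
    """Minimal handler: one fault for every rejected source, whatever the reason."""
    if not pingback_source_ok(source_uri):
        return ("fault", FAULT_BAD_SOURCE)
    # ... fetch source_uri over HTTP here and confirm it links to target_uri ...
    return ("ok", None)
```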
CVE-2007-1599 | LOW | CVSS 6.5 | fixed in wordpress 2.2.2-1 (bookworm) | 2007
CVE-2007-1599 [MEDIUM]: wordpress - wp-login.php in WordPress allows remote attackers to redirect authenticated user...
wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.
Scope: local
bookworm: resolved (fixed in 2.2.2-1)
bullseye: resolved (fixed in 2.2.2-1)
forky: resolved (fixed in 2.2.2-1)
sid: resolved (fixed in 2.2.2-1)
trixie: resolved (fixed in 2.2.2-
debian
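The open redirect in CVE-2007-1599 is the `redirect_to` value being used as-is. A safe version resolves the value against the site's own origin and refuses anything whose scheme or host differs. The added example below (not WordPress code; `SITE` is an assumed origin) covers the usual bypasses: absolute URLs, protocol-relative `//host`, backslash variants, look-alike hosts, `user@host` tricks and `javascript:` URLs.

```python
import re
from urllib.parse import urljoin, urlsplit

SITE = "https://blog.example"          # assumption: the site's own origin
FALLBACK = SITE + "/wp-admin/"        # where to send the user when redirect_to is rejected

def safe_redirect(redirect_to: str, fallback: str = FALLBACK) -> str:
    """Return redirect_to only when it resolves to SITE's origin; otherwise the fallback."""
    if not redirect_to:
        return fallback
    # Browsers drop control characters and treat "\" like "/", so "/\evil" would be
    # read as protocol-relative "//evil". Normalise the same way before parsing.
    candidate = re.sub(r"[\x00-\x20]", "", redirect_to).replace("\\", "/")
    resolved = urljoin(SITE + "/", candidate)
    target, site = urlsplit(resolved), urlsplit(SITE)
    if target.scheme.lower() != site.scheme or target.netloc.lower() != site.netloc:
        return fallback
    return resolved
```

Comparing the whole `netloc` rather than a prefix or substring is what defeats `blog.example.evil` and `blog.example@evil.example`; an explicit `:443` would also be rejected here, which is the conservative side to err on.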
CVE-2007-1049 | LOW | CVSS 4.3 | PoC | fixed in wordpress 2.1.1-1 (bookworm) | 2007
CVE-2007-1049 [MEDIUM]: wordpress - Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the...
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.
Scope: loc
debian
CVE-2007-1277 | LOW | CVSS 7.5 | PoC | 2007
CVE-2007-1277 [HIGH]: wordpress - WordPress 2.1.1, as downloaded from some official distribution sites during Febr...
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
debian
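CVE-2007-1277 is a supply-chain compromise, so the practical checks are integrity verification of what was downloaded and a scan for request data flowing into code-execution sinks. The added example below (not WordPress code and not the actual 2007 backdoor) does both over constructed PHP fragments: a manifest comparison that flags any file whose hash differs from the release, and a heuristic that flags lines where a superglobal reaches `eval`, `passthru` and friends, including through a one-level wrapper function, which is the shape the entry describes for `feed.php`. The function and file names in the fragments are made up for the illustration.

```python
import hashlib
import re

# Constructed PHP snippets standing in for a clean file and tampered copies. They are
# NOT the 2007 backdoor; the entry only names the parameters (ix, iz) and the sinks.
CLEAN_FEED = "<?php\n$feed = get_query_var('feed');\necho apply_filters('feed_type', $feed);\n"
TAMPERED_FEED = (
    "<?php\n"
    "function comment_text_phpfilter($x) { eval($x); }\n"
    "if (isset($_GET['ix'])) comment_text_phpfilter($_GET['ix']);\n"
)
TAMPERED_THEME = "<?php\nif (isset($_GET['iz'])) { passthru($_GET['iz']); }\n"

SINKS = ["eval", "assert", "passthru", "system", "exec", "shell_exec",
         "popen", "proc_open", "create_function"]
SOURCE_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")

def wrapper_functions(php: str) -> set:
    """Names of user functions whose (non-nested) body calls a known sink."""
    pat = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{[^}]*\b(?:%s)\s*\(" % "|".join(SINKS))
    return {m.group(1) for m in pat.finditer(php)}

def find_request_to_sink(php: str) -> list:
    """Lines where request data reaches a sink or a wrapper around one: [(line_no, text)]."""
    names = SINKS + sorted(wrapper_functions(php))
    sink_re = re.compile(r"\b(?:%s)\s*\(" % "|".join(map(re.escape, names)))
    hits = []
    for n, line in enumerate(php.splitlines(), 1):
        if sink_re.search(line) and SOURCE_RE.search(line):
            hits.append((n, line.strip()))
    return hits

def sha256(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def verify_against_manifest(files: dict, manifest: dict) -> list:
    """Paths whose content hash differs from, or is missing in, the release manifest."""
    return sorted(p for p, body in files.items() if manifest.get(p) != sha256(body))
```

The manifest check is the one that actually catches a tampered mirror, since it does not depend on recognising the injected code; the sink scan is a cheap second opinion for files that have no manifest entry.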
CVE-2007-5105 | LOW | CVSS 4.3 | PoC | fixed in wordpress 2.0.4-1 (bookworm) | 2007
CVE-2007-5105 [MEDIUM]: wordpress - Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and...
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.
Scope: local
bookworm: resolved (fixed in 2.0.4-1)
bullseye: resolved (fixed in 2.0.4-1)
forky: resolved (fixed in 2.0.4-1)
sid: resolved (fixed in 2.0.4-1)
trixie: resolved (fixed in 2.
debian
CVE-2007-4893 | LOW | CVSS 4.3 | fixed in wordpress 2.2.3-1 (bookworm) | 2007
CVE-2007-4893 [MEDIUM]: wordpress - wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user ...
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
Scope: local
bookworm: resolved (fixed in 2.2.3-1)
bullseye:
debian
CVE-2006-1012 | HIGH | CVSS 7.5 | fixed in wordpress 2.0.1-1 (bookworm) | 2006
CVE-2006-1012 [HIGH]: wordpress - SQL injection vulnerability in WordPress 1.5.2, and possibly other versions befo...
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.
Scope: local
bookworm: resolved (fixed in 2.0.1-1)
bullseye: resolved (fixed in 2.0.1-1)
forky: resolved (fixed in 2.0.1-1)
sid: resolved (fixed in 2.0.1-1)
trixie:
debian
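CVE-2006-1012 is a reminder that request headers are attacker input just like form fields. The added example below (not WordPress code; the schema and the admin row are constructed) runs the vulnerable string-built INSERT against SQLite with a User-Agent that splices a subquery into the statement, so the admin's password hash is written into the comment's `agent` column where a comment listing would display it; the parameterised version stores the payload as an inert string.

```python
import sqlite3

ADMIN_HASH = "5f4dcc3b5aa765d66a5fc0b4c58a23b1"   # constructed row (md5 of "password"), not a real credential

def new_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(f"""
        CREATE TABLE users (id INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        INSERT INTO users VALUES (1, 'admin', '{ADMIN_HASH}');
        CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, content TEXT, agent TEXT);
    """)
    return con

def add_comment_vulnerable(con, author: str, content: str, user_agent: str) -> None:
    # The pattern the entry describes: the header value is spliced into the SQL text.
    sql = (f"INSERT INTO comments (author, content, agent) "
           f"VALUES ('{author}', '{content}', '{user_agent}')")
    con.execute(sql)

def add_comment_safe(con, author: str, content: str, user_agent: str) -> None:
    # Parameterised: values travel separately from the statement and can only ever be data.
    con.execute("INSERT INTO comments (author, content, agent) VALUES (?, ?, ?)",
                (author, content, user_agent))

def last_agent(con) -> str:
    return con.execute("SELECT agent FROM comments ORDER BY id DESC LIMIT 1").fetchone()[0]

# A User-Agent that closes the string literal and splices a subquery into the INSERT.
# SQLite concatenates with ||; MySQL would use CONCAT(), the mechanism is identical.
PAYLOAD = "' || (SELECT user_pass FROM users WHERE user_login='admin') || '"
```

No stacked statements are needed: a single INSERT with a subquery is enough to move data from one table into a column the attacker can read back.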
CVE-2006-1796 | MEDIUM | CVSS 6.8 | fixed in wordpress 2.0.1 (bookworm) | 2006
CVE-2006-1796 [MEDIUM]: wordpress - Cross-site scripting (XSS) vulnerability in the paging links functionality in te...
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).
Scope: local
bookworm: resolved (fixed in 2.0.1)
bullseye: r
debian
CVE-2006-1263 | MEDIUM | CVSS 4.3 | fixed in wordpress 2.0.2-1 (bookworm) | 2006
CVE-2006-1263 [MEDIUM]: wordpress - Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress b...
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
Scope: local
bookworm: resolved (fixed in 2.0.2-1)
bullseye: resolved (fixed in 2.0.2-1)
forky: resolved (fixed in 2.0.2-1)
sid: resolved (fixed in 2.0.2-1)
trixie: resolved (fixed in
debian
CVE-2006-5705 | MEDIUM | CVSS 6.0 | fixed in wordpress 2.0.5-0.1 (bookworm) | 2006
CVE-2006-5705 [MEDIUM]: wordpress - Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in Word...
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.
Scope: local
bookworm: resolved (fixed in 2.0.5-0.1)
bullseye: resolved (fixed in 2.0.5-0.1)
forky:
debian
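The `backup` parameter in CVE-2006-5705 names a file that the plugin then reads or writes; the fix is to confine whatever the user supplies to the backup directory. The added example below (not WordPress or wp-db-backup code; the directory and the filename pattern are assumptions) uses an allow-list on the name so that path separators never get in, and then still canonicalises and checks containment, so a symlink inside the directory or a later loosening of the pattern cannot reopen the hole.

```python
import os
import re

BACKUP_DIR = "/srv/wp-backups"   # assumption: where the backup dumps live

# Plain filenames only (assumed naming scheme). No "/" or "\" means "../" is impossible.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+\.sql(\.gz)?")

def resolve_backup_path(name: str, backup_dir: str = BACKUP_DIR):
    """Absolute path inside backup_dir for a requested backup name, or None if it would escape."""
    if not name or "\x00" in name or os.path.isabs(name):
        return None
    if not NAME_RE.fullmatch(name):
        return None
    root = os.path.realpath(backup_dir)
    candidate = os.path.realpath(os.path.join(root, name))
    # Defence in depth: even an allow-listed name must resolve under root after symlinks.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def read_backup(name: str) -> bytes:
    """Read a backup by name; raises rather than touching anything outside BACKUP_DIR."""
    path = resolve_backup_path(name)
    if path is None:
        raise PermissionError(f"refusing backup name {name!r}")
    with open(path, "rb") as fh:
        return fh.read()
```

`realpath` before `commonpath` is the important order: comparing un-resolved strings would pass `backups/link-to-etc/passwd` when `link-to-etc` is a symlink.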
CVE-2006-6017 | MEDIUM | CVSS 6.5 | fixed in wordpress 2.0.5-0.1 (bookworm) | 2006
CVE-2006-6017 [MEDIUM]: wordpress - WordPress before 2.0.5 does not properly store a profile containing a string rep...
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
Scope: local
book
debian
CVE-2006-2702 | MEDIUM | CVSS 5.0 | fixed in wordpress 2.0.3-1 (bookworm) | 2006
CVE-2006-2702 [MEDIUM]: wordpress - vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote at...
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
Scope: local
bookworm: resolved (fixed in 2.0.3-1)
bullseye: resolved (fixed in 2.0.3-1)
forky: resolved (fixed in 2.0.3-1)
sid: resolved (fixed in 2.0.3-1)
trix
debian
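CVE-2006-2702 is the general mistake of letting a client-supplied header overwrite the socket peer address, which defeats IP-based bans, comment moderation by address and log attribution. The added example below (not WordPress code; the trusted proxy range is an assumption) shows the overriding pattern next to the usual safe rule: trust a forwarded address only when the TCP peer is one of your own proxies, and walk the forwarding chain from the right to find the first hop you do not control.

```python
import ipaddress

# Assumption: the reverse proxies that sit in front of the application.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def _trusted(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip_vulnerable(environ: dict) -> str:
    # The pattern the entry describes: a header anyone can send replaces REMOTE_ADDR.
    return environ.get("HTTP_PC_REMOTE_ADDR", environ["REMOTE_ADDR"])

def client_ip(environ: dict) -> str:
    """The socket peer, unless the peer is a trusted proxy and forwarded a valid chain."""
    peer = environ["REMOTE_ADDR"]
    if not _trusted(peer):
        return peer                      # direct connection: headers are just attacker text
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    # Proxies append the address they saw, so the rightmost untrusted hop is the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer                  # malformed chain: fall back to the socket address
        if not _trusted(str(addr)):
            return str(addr)
    return peer
```

Walking from the right rather than taking the first entry is what stops a client from prepending a fake address to `X-Forwarded-For` before it reaches the proxy.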
CVE-2006-2667 | MEDIUM | CVSS 7.5 | PoC | fixed in wordpress 2.0.3-1 (bookworm) | 2006
CVE-2006-2667 [HIGH]: wordpress - Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows...
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as dem
debian
CVE-2006-0985 | MEDIUM | CVSS 4.3 | fixed in wordpress 2.0.2-1 (bookworm) | 2006
CVE-2006-0985 [MEDIUM]: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functi...
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.
Scope: local
bookworm: resolved (fixed in 2.0.2-1)
bullseye: resolved (fixed in 2.0.2-1)
forky: resolved (fixed in 2.0.2-1)
si
debian
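The three fields in CVE-2006-0985 land in three different output contexts: `name` is text inside an element, `website` is a URL in an `href` attribute, and `comment` is a text block. Escaping has to match the context, and for the URL escaping alone is not enough because `javascript:` survives it. The added example below (not WordPress code) renders a comment the unsafe way and then with per-context handling; a production sanitiser that allows a safe HTML subset in the comment body is a separate concern not shown here.

```python
import html
from urllib.parse import urlsplit

def safe_author_url(url: str) -> str:
    """Keep the author link only if it is an absolute http(s) URL; javascript:, data: etc. are dropped."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return url
    return ""

def render_comment_vulnerable(name: str, website: str, comment: str) -> str:
    # The pattern the entry describes: all three fields reach the page unescaped.
    return (f'<p class="author"><a href="{website}">{name}</a></p>\n'
            f'<div class="text">{comment}</div>')

def render_comment(name: str, website: str, comment: str) -> str:
    """Escape per context: text and attribute values via html.escape, the URL also scheme-checked."""
    author = html.escape(name, quote=True)
    link = safe_author_url(website)
    if link:
        author = f'<a href="{html.escape(link, quote=True)}" rel="nofollow">{author}</a>'
    return (f'<p class="author">{author}</p>\n'
            f'<div class="text">{html.escape(comment, quote=True)}</div>')
```

`quote=True` is what makes the attribute context safe: without it a name such as `" onmouseover="...` breaks out of the `href` or a future `title` attribute even though `<` and `>` are escaped.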
CVE-2006-6016 | MEDIUM | CVSS 6.5 | fixed in wordpress 2.0.5-0.1 (bookworm) | 2006
CVE-2006-6016 [MEDIUM]: wordpress - wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated use...
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.
Scope: local
bookworm: resolved (fixed in 2.0.5-0.1)
bullseye: resolved (fixed in 2.0.5-0.1)
forky: resolved (fixed in 2.0.5-0.1)
sid: resolved (fixed in 2.0.5-0.1)
trixie: resolved (fixed in 2.0.5-0.1)
debian
CVE-2006-6808 | MEDIUM | CVSS 6.8 | PoC | fixed in wordpress 2.0.6-1 (bookworm) | 2006
CVE-2006-6808 [MEDIUM]: wordpress - Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress ...
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.
Scope: local
bookworm: resolved (fixed in 2.0.6-1)
bullseye: resol
debian
CVE-2006-4028 | MEDIUM | CVSS 5.0 | fixed in wordpress 2.0.4-1 (bookworm) | 2006
CVE-2006-4028 [MEDIUM]: wordpress - Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impa...
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests)
debian