Showing 1 - 3 of 3

CVE-2009-2334

Status Candidate

Overview

wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.

Related Files

Debian Linux Security Advisory 1871-2: Posted Aug 27, 2009; Authored by Debian | Site debian.org; Debian Security Advisory 1871-2 - The previous wordpress update introduced a regression when fixing CVE-2008-4769 due to a function that was not backported with the patch. Please note that this regression only affects the oldstable distribution (etch).; tags | advisory; systems | linux, debian; advisories | CVE-2008-6762, CVE-2008-6767, CVE-2009-2334, CVE-2009-2854, CVE-2009-2851, CVE-2009-2853, CVE-2008-1502, CVE-2008-4106, CVE-2008-4769, CVE-2008-4796, CVE-2008-5113; SHA-256 | 565a2e4f05dcf7aeeb6e8faf612d43fcbf48f13dfbd682a6ec3e14c0ad64284d; Download | Favorite | View

Debian Linux Security Advisory 1871-1: Posted Aug 24, 2009; Authored by Debian | Site debian.org; Debian Security Advisory 1871-1 - Several vulnerabilities have been discovered in wordpress, weblog manager.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2008-6762, CVE-2008-6767, CVE-2009-2334, CVE-2009-2854, CVE-2009-2851, CVE-2009-2853, CVE-2008-1502, CVE-2008-4106, CVE-2008-4769, CVE-2008-4796, CVE-2008-5113; SHA-256 | 6af8225de9c2ad14b5d9a8665a5efa8f8b2bde9a73d41b32acb094faf63cf6c8; Download | Favorite | View

Core Security Technologies Advisory 2009.0515: Posted Jul 8, 2009; Authored by Core Security Technologies | Site coresecurity.com; Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests. This results in unprivileged users viewing the content of plugins configuration pages, and also in some plugins modifying plugin options and injecting JavaScript code. Arbitrary native code may be run by a malicious attacker if the blog administrator runs injected JavasScript code that edits blog PHP code.; tags | exploit, arbitrary, php, javascript; advisories | CVE-2009-2334, CVE-2009-2335, CVE-2009-2336; SHA-256 | 43efc5605f03f9b6b8bc960812c20a8df3e0ad4ba585ad37e94105a2c1f2b536; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 292 files
Ubuntu 66 files
Debian 33 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
kai6u 3 files
liquidsky 3 files
malvuln 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,555)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,729)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,487)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

CVE-2009-2334

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems