Test ID: | 1.3.6.1.4.1.25623.1.0.800662 |
Category: | Web application abuses |
Title: | WordPress / WordPress MU Multiple Vulnerabilities - July09 |
Summary: | The host is running WordPress / WordPress MU and is prone to multiple vulnerabilities. |
Description: |
Summary: The host is running WordPress / WordPress MU and is prone to multiple vulnerabilities.
Vulnerability Insight:
- An error in 'wp-settings.php' may disclose sensitive information via a direct request.
- An error in the handling of failed login attempts and password requests, which depends on whether the user account exists, can be exploited to enumerate valid usernames.
- wp-admin/admin.php does not require administrative authentication to access the configuration of a plugin, which allows attackers to specify a configuration file in the page parameter via collapsing-archives/options.txt, related-ways-to-take-action/options.php, wp-security-scan/securityscan.php, akismet/readme.txt and wp-ids/ids-admin.php.
Vulnerability Impact: Successful exploitation will allow attackers to view the content of plugin configuration pages, inject malicious scripting code, or gain knowledge of sensitive username information.
Affected Software/OS: WordPress / WordPress MU versions prior to 2.8.1.
Solution: Update to version 2.8.1 or later.
CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Cross-Ref: |
BugTraq ID: 35581
BugTraq ID: 35584
Common Vulnerability Exposure (CVE) ID: CVE-2009-2432
Bugtraq: 20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
http://www.securityfocus.com/archive/1/504795/100/0/threaded
http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
http://www.osvdb.org/55717
http://securitytracker.com/id?1022528
http://www.vupen.com/english/advisories/2009/1833
XForce ISS Database: wordpress-wpsettings-path-disclosure(51734)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51734
Common Vulnerability Exposure (CVE) ID: CVE-2009-2336
http://www.securityfocus.com/bid/35581
http://www.exploit-db.com/exploits/9110
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html
http://www.osvdb.org/55714
Common Vulnerability Exposure (CVE) ID: CVE-2009-2335
http://www.osvdb.org/55713
Common Vulnerability Exposure (CVE) ID: CVE-2009-2334
http://www.securityfocus.com/bid/35584
Debian Security Information: DSA-1871
http://www.debian.org/security/2009/dsa-1871
http://www.osvdb.org/55712
http://www.osvdb.org/55715 |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |