
Test ID: 1.3.6.1.4.1.25623.1.0.800657
Category: Web application abuses
Title: WordPress Multiple Vulnerabilities (Jul 2009)
Summary: WordPress is prone to multiple vulnerabilities.
Description: Summary:
WordPress is prone to multiple vulnerabilities.

Vulnerability Insight:
- An error in 'wp-settings.php' may disclose sensitive information via
a direct request.

- The username of a post's author is placed in an HTML comment, which allows
remote attackers to obtain sensitive information by reading the HTML source.

- The errors returned for a failed login attempt or password request differ depending
on whether the user account exists, which can be exploited to enumerate valid usernames.

- wp-admin/admin.php does not require administrative authentication
to access the configuration of a plugin, which allows attackers to specify a
configuration file in the page parameter via collapsing-archives/options.txt,
related-ways-to-take-action/options.php, wp-security-scan/securityscan.php,
akismet/readme.txt and wp-ids/ids-admin.php.

Vulnerability Impact:
Successful exploitation will allow attackers to view the content of plugin
configuration pages, inject malicious scripting code, or gain knowledge of sensitive username information.

Affected Software/OS:
WordPress versions prior to 2.8.1 on all platforms.

Solution:
Update to Version 2.8.1 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-2432
Bugtraq: 20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
http://www.securityfocus.com/archive/1/504795/100/0/threaded
http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
http://www.osvdb.org/55717
http://securitytracker.com/id?1022528
http://www.vupen.com/english/advisories/2009/1833
XForce ISS Database: wordpress-wpsettings-path-disclosure(51734)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51734
Common Vulnerability Exposure (CVE) ID: CVE-2009-2431
http://www.osvdb.org/55716
XForce ISS Database: wordpress-username-information-disclosure(51733)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51733
Common Vulnerability Exposure (CVE) ID: CVE-2009-2336
BugTraq ID: 35581
http://www.securityfocus.com/bid/35581
http://www.exploit-db.com/exploits/9110
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html
http://www.osvdb.org/55714
Common Vulnerability Exposure (CVE) ID: CVE-2009-2335
http://www.osvdb.org/55713
Common Vulnerability Exposure (CVE) ID: CVE-2009-2334
BugTraq ID: 35584
http://www.securityfocus.com/bid/35584
Debian Security Information: DSA-1871
http://www.debian.org/security/2009/dsa-1871
http://www.osvdb.org/55712
http://www.osvdb.org/55715
Copyright: Copyright (C) 2009 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.