Exploit the possiblities
Showing 1 - 2 of 2 RSS Feed

CVE-2013-2202

Status Candidate

Overview

WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Related Files

Debian Security Advisory 2718-1
Posted Jul 3, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2718-1 - Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-2173, CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
MD5 | 58ec8e6dd185e2bf83d991352df10a14
Mandriva Linux Security Advisory 2013-189
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-189 - A denial of service flaw was found in the way Wordpress, a blog tool and publishing platform, performed hash computation when checking password for password protected blog posts. A remote attacker could provide a specially-crafted input that, when processed by the password checking mechanism of Wordpress would lead to excessive CPU consumption. Inadequate SSRF protection for HTTP requests where the user can provide a URL can allow for attacks against the intranet and other sites. This is a continuation of work related to which was specific to SSRF in pingback requests and was fixed in 3.5.1. Inadequate checking of a user's capabilities could allow them to publish posts when their user role should not allow for it; and to assign posts to other authors. Inadequate escaping allowed an administrator to trigger a cross-site scripting vulnerability through the uploading of media files and plugins. The processing of an oEmbed response is vulnerable to an XXE. If the uploads directory is not writable, error message data returned via XHR will include a full path to the directory. Content Spoofing in the MoxieCode MoxiePlayer project. Cross-domain XSS in SWFUpload.

tags | advisory, remote, web, denial of service, spoof, xss
systems | linux, mandriva
advisories | CVE-2013-2173, CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
MD5 | 72722938515381873f84bbd819def4b7
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    1 Files
  • 22
    Jan 22nd
    15 Files
  • 23
    Jan 23rd
    15 Files
  • 24
    Jan 24th
    5 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close