Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD884FCED7-7F1C-11DD-A66A-0019666436C2
HistorySep 08, 2008 - 12:00 a.m.

wordpress -- remote privilege escalation

2008-09-0800:00:00
vuxml.freebsd.org
24

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.014

Percentile

86.5%

JSON

The Wordpress development team reports:

With open registration enabled, it is possible in WordPress
versions 2.6.1 and earlier to craft a username such that it
will allow resetting another users password to a randomly
generated password. The randomly generated password is not
disclosed to the attacker, so this problem by itself is annoying
but not a security exploit. However, this attack coupled with a
weakness in the random number seeding in mt_rand() could be used
to predict the randomly generated password.

Related

owncloud 2
patchstack 1
openvas 6
nessus 4
ubuntucve 2
cvelist 2
prion 2
cve 2
nvd 2
debiancve 1
owncloud
owncloud
Server: Insufficiently random values
2012-08-10 11:42:22
Insufficiently random values - ownCloud
2012-08-10 17:04:28
patchstack
patchstack
WordPress <= 2.6.1 - SQL Truncation Vulnerability #1
2008-09-15 00:00:00
openvas
openvas
Fedora Update for wordpress FEDORA-2008-7902
2009-02-17 00:00:00
Fedora Update for wordpress FEDORA-2008-7902
2009-02-17 00:00:00
Fedora Update for wordpress FEDORA-2008-7760
2009-02-17 00:00:00
nessus
nessus
Fedora 8 : wordpress-2.6.2-1.fc8 (2008-7760)
2008-09-12 00:00:00
Fedora 9 : wordpress-2.6.2-1.fc9 (2008-7902)
2008-09-12 00:00:00
FreeBSD : wordpress -- remote privilege escalation (884fced7-7f1c-11dd-a66a-0019666436c2)
2008-09-10 00:00:00
ubuntucve
ubuntucve
CVE-2008-4106
2008-09-18 00:00:00
CVE-2008-4107
2008-09-18 00:00:00
cvelist
cvelist
CVE-2008-4106
2008-09-18 17:47:00
CVE-2008-4107
2008-09-18 17:47:00
prion
prion
Sql injection
2008-09-18 17:59:00
Default credentials
2008-09-18 17:59:00
cve
cve
CVE-2008-4106
2008-09-18 17:59:33
CVE-2008-4107
2008-09-18 17:59:33
nvd
nvd
CVE-2008-4106
2008-09-18 17:59:33
CVE-2008-4107
2008-09-18 17:59:33
debiancve
debiancve
CVE-2008-4106
2008-09-18 17:59:33

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.014

Percentile

86.5%

JSON
Related for 884FCED7-7F1C-11DD-A66A-0019666436C2
owncloud2patchstack1openvas6nessus4ubuntucve2cvelist2prion2cve2nvd2debiancve1