Showing 1 - 1 of 1

CVE-2009-2336

Status Candidate

Overview

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

Related Files

Core Security Technologies Advisory 2009.0515: Posted Jul 8, 2009; Authored by Core Security Technologies | Site coresecurity.com; Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests. This results in unprivileged users viewing the content of plugins configuration pages, and also in some plugins modifying plugin options and injecting JavaScript code. Arbitrary native code may be run by a malicious attacker if the blog administrator runs injected JavasScript code that edits blog PHP code.; tags | exploit, arbitrary, php, javascript; advisories | CVE-2009-2334, CVE-2009-2335, CVE-2009-2336; SHA-256 | 43efc5605f03f9b6b8bc960812c20a8df3e0ad4ba585ad37e94105a2c1f2b536; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2009-2336

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems