[Secure-testing-team] Bug#531736: CVE-2008-6767, CVE-2008-6762
Giuseppe Iuculano
giuseppe at iuculano.it
Wed Jun 3 17:11:42 UTC 2009
Package: wordpress
Severity: normal
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wordpress.
CVE-2008-6767[0]:
| wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote
| attackers to upgrade the application, and possibly cause a denial of
| service (application outage), via a direct request.
CVE-2008-6762[1]:
| Open redirect vulnerability in wp-admin/upgrade.php in WordPress,
| probably 2.6.x, allows remote attackers to redirect users to arbitrary
| web sites and conduct phishing attacks via a URL in the backto
| parameter.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6767
http://security-tracker.debian.net/tracker/CVE-2008-6767
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6762
http://security-tracker.debian.net/tracker/CVE-2008-6762
http://archives.neohapsis.com/archives/bugtraq/2008-12/0226.html
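A defender's check for the two request patterns named in the CVE descriptions, as an added example that is not part of the original message: it reviews web access log lines for requests to wp-admin/upgrade.php and marks those whose backto parameter points at another host. The log lines, the host name blog.example and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jun/2009:10:00:01 +0000] "GET /wp-admin/upgrade.php?backto=%2Fwp-admin%2F HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Jun/2009:10:02:13 +0000] "GET /wp-admin/upgrade.php?backto=http%3A%2F%2Fother-site.example%2Flogin HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [03/Jun/2009:10:03:40 +0000] "GET /blog/wp-admin/upgrade.php?backto=%2F%5Cother-site.example HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [03/Jun/2009:10:04:02 +0000] "GET /index.php?p=12 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [03/Jun/2009:10:05:19 +0000] "GET /wp-admin/upgrade.php?backto=http%3A%2F%2Fblog.example%2Fwp-admin%2F HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
UPGRADE_PATH = "/wp-admin/upgrade.php"  # path named in both CVE descriptions


def backto_is_external(value, site_host):
    """True if a decoded backto value would send the browser to another host."""
    try:
        # Browsers treat backslashes like slashes, so "/\host" acts as "//host".
        parts = urlsplit(value.strip().replace("\\", "/"))
    except ValueError:
        return True  # unparseable target: treat as suspicious
    return bool(parts.netloc) and (parts.hostname or "").lower() != site_host.lower()


def review_line(line, site_host):
    """Return (client_ip, finding) for a request to upgrade.php, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    if not target.path.endswith(UPGRADE_PATH):
        return None
    backto_values = parse_qs(target.query).get("backto", [])
    if any(backto_is_external(v, site_host) for v in backto_values):
        return (m.group("ip"), "external-backto")   # CVE-2008-6762 pattern
    return (m.group("ip"), "upgrade-request")       # direct request, CVE-2008-6767


def review_log(lines, site_host):
    """Collect findings for every line that touches upgrade.php."""
    return [r for r in (review_line(l, site_host) for l in lines) if r]


if __name__ == "__main__":
    for ip, finding in review_log(SAMPLE_LOG, "blog.example"):
        print(ip, finding)
```
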