Showing 1 - 1 of 1

CVE-2009-2336

Status Candidate

Overview

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

Related Files

Core Security Technologies Advisory 2009.0515: Posted Jul 8, 2009; Authored by Core Security Technologies | Site coresecurity.com; Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests. This results in unprivileged users viewing the content of plugins configuration pages, and also in some plugins modifying plugin options and injecting JavaScript code. Arbitrary native code may be run by a malicious attacker if the blog administrator runs injected JavasScript code that edits blog PHP code.; tags | exploit, arbitrary, php, javascript; advisories | CVE-2009-2334, CVE-2009-2335, CVE-2009-2336; SHA-256 | 43efc5605f03f9b6b8bc960812c20a8df3e0ad4ba585ad37e94105a2c1f2b536; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 292 files
Ubuntu 62 files
Gentoo 32 files
Debian 31 files
LiquidWorm 10 files
Apple 9 files
malvuln 7 files
Ahmet Umit Bayram 4 files
nu11secur1ty 4 files
Adam Gowdiak 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,038)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,588)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,751)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,492)
UNIX (9,397)
UnixWare (187)
Windows (6,658)
Other

CVE-2009-2336

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems