[SA26296] WordPress "style" Cross-Site Scripting

SecuToolBox : Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP + Aircrack + Ubiquiti (MadWifi) 530 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA26296] WordPress "style" Cross-Site Scripting

BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date.

Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Download the free PSI BETA from the Secunia website: link://[click]

TITLE: WordPress "style" Cross-Site Scripting

SECUNIA ADVISORY ID: SA26296

VERIFY ADVISORY: link://[click]

CRITICAL: Less critical

IMPACT: Cross Site Scripting

WHERE: From remote SOFTWARE: WordPress 2.x link://[click]

DESCRIPTION: Benjamin Flesch has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "style" parameter in wp-admin/upload.php (when "post_id" is set to a negative integer value) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the target user has valid author or higher credentials.

The vulnerability is confirmed in version 2.2.1. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY: Benjamin Flesch

ORIGINAL ADVISORY: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA26298] QT QTextEdit Error Message Handling Format String Vulnerability
Suivant par Date: [SA26295] Red Hat update for qt
Precedent par fil : [SA26298] QT QTextEdit Error Message Handling Format String Vulnerability
Suivant par fil : [SA26295] Red Hat update for qt
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, windows, exploit, réseau, vulnérabilité, système, attaque, microsoft, virus, audit, internet, présentation, fonction, données, linux, outil, bluetooth, shell, gestion, vista, trames, wishmaster, sysun, paquets, metasploit, téléphone, engineering, fonctions + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA32774 Citrix XenServer Ext2/Ext3 Processing Security Bypass Vulnerability - SA32761 No-IP Linux Dynamic Update Client Buffer Overflow Vulnerability - SA32778 Ubuntu update for firefox, firefox-3.0, and xulrunner-1.9 - SA32659 E-topbiz Link Back Checker auth Cookie Security Bypass - SA32745 Free Directory Script API_HOME_DIR File Inclusion Vulnerability + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Re: Full-disclosure Fredrick Diggle Security is looking for a few good men (or mediocre women) - Re: Full-disclosure Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus - Re: Full-disclosure Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus - Full-disclosure MDVSA-2008:220-1 kernel - Re: Full-disclosure Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- Re: Re: Re: Re: Opera 9.6x file:// overflow - Re: MDVSA-2008:232 dovecot - Re: Re: Re: Re: Opera 9.6x file:// overflow - MDVSA-2008:232 dovecot - Re: MDVSA-2008:231 libxml2 + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

virus, spyware, vmware, firmware, biometric, lockpicking, wimax, password, kernel, malware, spammer, windows, iphone, symantec, phish, knoppix, adware, security, botnet, linux, tutorial, cryptography, internet, attack, wireshark, server, virtual, metasploit, intel, openbsd, hitbsecconf2006, protect, jailbreak, norton, ubuntu, rootkit, exploit, samsung, hijackthis, screen, ettercap, fingerprint, vista, flash, drive + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, vulnérabilité, network, google, vulnerability, hacker, attack, inject, remote, mobile, server, exploit, apple, internet, iphone, black, yahoo, sécurité, malware, vista, intel, patch, crypt, drive, access, protect, virtual, laptop, linux, source, biometric, research, ebook, business, virus, office, phish, adobe, chine, facebook, opera, flash, wireless + de mots clés avec l'annuaire de la revue de presse