Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2009-2335

Published: 10/07/2009 Updated: 08/11/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 506
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Wordpress

Vulnerability Summary

WordPress and WordPress MU prior to 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

wordpress wordpress mu

Vendor Advisories

Debian CVElist Bug Report Logs: wordpress: CORE-2009-0515 priviledges unchecked and multiple information disclosures
Debian Bug report logs - #536724 wordpress: CORE-2009-0515 priviledges unchecked and multiple information disclosures Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmailcom&g ...
Debian CVElist Bug Report Logs: CVE-2009-2431, CVE-2009-2432
Debian Bug report logs - #537146 CVE-2009-2431, CVE-2009-2432 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Wed, 15 Jul 2009 14:00:02 UTC Severity: important Tags ...
Debian CVElist Bug Report Logs: CVE-2008-6767, CVE-2008-6762
Debian Bug report logs - #531736 CVE-2008-6767, CVE-2008-6762 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Wed, 3 Jun 2009 17:27:02 UTC Severity: normal Tags: s ...

Exploits

Exploit DB: WordPress Plugin Block-Spam-By-Math-Reloaded - Bypass
## # $Id: wordpress_login_enumrb 12196 2011-04-01 00:51:33Z egypt $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## class Metasploit3 & ...
Exploit DB: Core Security Technologies Advisory 2009.0515
Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests This results in unprivileged users viewing the content of plugins configuration pages, and also in some plugins modifying plugin options and injecting JavaScript code Arbitrary native code may be run by a malicious attacker if the b ...

Github Repositories

https://github.com/OmarG13/Raven1-Pen-Test

Raven1 CTF Pen-Test If you're attempting this CTF, I would urge you to TRY HARDER before proceeding as, obviously, there are spoilers below! The following vulnerabilities were identified: Weak password requirements a CWE-521 cwemitreorg/data/definitions/521html b CWE-522 cwemitreorg/data/definitions/522html c Severity: Critical Wordpress &ndash

https://github.com/shaharsigal/Final-Project-Cyber-Security

Final-Project Red Team: Summary of Operations Table of Contents Exposed Services Critical Vulnerabilities Exploitation Exposed Services Fill out the information below: Nmap scan results for each machine reveal the below services and OS details: nmap -sV 1921681110 command to Scan Target 1 This scan identifies the services below as potential points of entry: Targe

https://github.com/Austin-Jacobs/Code_Path

Code Path Week 7 & 8 WordPress vs Kali Homework Instructions: For these week's assignment, discover and demonstrate similar proofs-of-concept for at least an additional three and (up to five) exploits affecting an older version of WP All exploits were tested and implemented within a WPDistillery 42 environment 1 HTTP GET Request through author id Exploit Summ

References

CWE-16http://securitytracker.com/id?1022528http://www.vupen.com/english/advisories/2009/1833http://www.osvdb.org/55713http://www.securityfocus.com/bid/35581http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Uncheckedhttps://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.htmlhttp://www.exploit-db.com/exploits/9110http://www.securityfocus.com/archive/1/504795/100/0/threadedhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724https://www.exploit-db.com/exploits/17702/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook