Originally posted by Adrianweb
I look forward to your opinions
HTML code:
[+] WordPress version 3.6 identified from meta generator
[!] 8 vulnerabilities identified from the version number:
|
| * Title: PHP Object Injection
| * Reference: http://vagosec.org/2013/09/wordpress-php-object-injection/
| * Reference: http://www.openwall.com/lists/oss-security/2013/09/12/1
| * Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340
| * Reference: http://core.trac.wordpress.org/changeset/25325
| * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338
| * Reference: http://secunia.com/advisories/54803
| * Reference: http://osvdb.org/97211
| * Fixed in: 3.6.1
|
| * Title: wp-includes/functions.php get_allowed_mime_types Function SWF / EXE File Upload XSS Weakness
| * Reference: http://core.trac.wordpress.org/changeset/25322
| * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739
| * Reference: http://osvdb.org/97210
| * Fixed in: 3.6.1
|
| * Title: Crafted String URL Redirect Restriction Bypass
| * Reference: http://packetstormsecurity.com/files/123589/
| * Reference: http://core.trac.wordpress.org/changeset/25323
| * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
| * Reference: http://secunia.com/advisories/54803
| * Reference: http://osvdb.org/97212
| * Reference: http://www.exploit-db.com/exploits/28958/
| * Fixed in: 3.6.1
|
| * Title: wp-admin/includes/post.php user_ID Parameter Manipulation Post Authorship Spoofing
| * Reference: http://core.trac.wordpress.org/changeset/25321
| * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340
| * Reference: http://secunia.com/advisories/54803
| * Reference: http://osvdb.org/97213
| * Fixed in: 3.6.1
|
| * Title: wp-includes/functions.php get_allowed_mime_types Function HTML File Upload XSS Weakness
| * Reference: http://core.trac.wordpress.org/changeset/25322
| * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738
| * Reference: http://osvdb.org/97214
| * Fixed in: 3.6.1
|
| * Title: Multiple Function Path Disclosure
| * Reference: http://seclists.org/fulldisclosure/2013/Nov/220
| * Reference: http://osvdb.org/100487
|
| * Title: Multiple Script Arbitrary Site Redirect
| * Reference: http://seclists.org/fulldisclosure/2013/Dec/174
| * Reference: http://osvdb.org/101181
| * Fixed in: 3.6.1
|
| * Title: wp-admin/edit-tags.php _wp_http_referer Parameter Reflected XSS
| * Reference: http://seclists.org/fulldisclosure/2013/Dec/174
| * Reference: http://osvdb.org/101182
| * Fixed in: 3.6.1
[+] WordPress theme in use: originmag114/originmag - v1.1.4
| Name: originmag114/originmag - v1.1.4
| Location: http://cleaneating.hu/wp-content/themes/originmag114/originmag/
| Changelog: http://cleaneating.hu/wp-content/themes/originmag114/originmag/changelog.txt
[+] Enumerating plugins from passive detection ...
| 1 plugins found:
| Name: wp-super-cache - v1.4
| Location: http://cleaneating.hu/wp-content/plugins/wp-super-cache/
| Readme: http://cleaneating.hu/wp-content/plugins/wp-super-cache/readme.txt
[+] Finished: Fri Jan 3 17:23:16 2014
[+] Memory used: 7.992 MB
[+] Elapsed time: 00:00:32
A WP update wouldn't hurt