SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

WordPress 2.0.3 SQL Error and Full Path Disclosure


Arrow  SecurityAlert : 1187
Arrow  CVE : CVE-2006-3390
Arrow  CVE : CVE-2006-3389
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : Yes
Arrow  Credit : xzerox linuxmail org
Arrow  Published : 08.07.2006

Arrow  Affected Software : WordPress 2.0.3



Arrow  Advisory Content :  

Dnia 02-07-2006, nie o godzinie 09:15 +0000, xzerox (at) linuxmail (dot)
org [email concealed]
napisaÅ?(a):

> Example:
>
> http://localhost/wordpress/index.php?paged=-1
>
> Result:
>
> WordPress database error: [Erreur de syntaxe pr?s de '-20, 10' ? la ligne
1]
> SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <=
'2006-06-29 12:46:59' AND (post_status = "publish") AND post_status !=
"attachment" GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT -20, 10

Put this line somewhere in the wp-settings.php file (for example at the
end of the code before the do_action(init) call):

$wpdb->hide_errors();

>
> ~ Full path ~
>
> /wp-settings.php
> /wp-admin/admin-footer.php
> /wp-admin/admin-functions.php
> /wp-admin/edit-form.php

in line 60 of wp-settings.php change to:

error_reporting(0);

Now the World is safe.

--
js





Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server

Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability

PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)

ADT

Protect your family and valuables with Home Security Systems

Copyright © SecurityReason.com. All Rights Reserved.