======================================================
Name: CVE-2007-0106
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0106
Reference: BUGTRAQ:20070105 Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456048/100/0/threaded
Reference: MISC:http://www.hardened-php.net/advisory_012007.140.html
Reference: CONFIRM:http://wordpress.org/development/2007/01/wordpress-206/
Reference: BID:21893
Reference: URL:http://www.securityfocus.com/bid/21893
Reference: FRSIRT:ADV-2007-0061
Reference: URL:http://www.frsirt.com/english/advisories/2007/0061
Reference: SECUNIA:23595
Reference: URL:http://secunia.com/advisories/23595

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

======================================================
Name: CVE-2007-0107
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0107
Reference: BUGTRAQ:20070105 Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456049/100/0/threaded
Reference: MISC:http://www.hardened-php.net/advisory_022007.141.html
Reference: CONFIRM:http://wordpress.org/development/2007/01/wordpress-206/
Reference: BID:21907
Reference: URL:http://www.securityfocus.com/bid/21907
Reference: FRSIRT:ADV-2007-0061
Reference: URL:http://www.frsirt.com/english/advisories/2007/0061
Reference: SECUNIA:23595
Reference: URL:http://secunia.com/advisories/23595

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
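The two entries above describe the same mistake in two places: a protective transformation (SQL escaping, HTML escaping) applied to the wrong representation of the input. The block below is an added illustration written for this page, not WordPress code and not the hardened-php proof of concept; the function names, the addslashes() stand-in, the "Please try again" link text and the sample inputs are all constructed here. The first half mirrors CVE-2007-0107: the trackback title is escaped while still in its declared charset, then converted, so a UTF-7 "+ACc-" only becomes a single quote after the escaper has already run. The second half mirrors CVE-2007-0106: a nonce-failure page rebuilds the request as a link, escapes the parameter values, and splices the parameter names in verbatim.

```python
import html
from urllib.parse import urlencode


def addslashes(s: str) -> str:
    """Stand-in for PHP addslashes(): backslash-escape ', ", \\ and NUL.
    Like the original it only recognises a quote literally present in
    the string it is handed; an encoded quote passes straight through."""
    out = []
    for ch in s:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def has_unescaped_quote(literal: str) -> bool:
    """True if the literal contains a ' that is not backslash-escaped."""
    i = 0
    while i < len(literal):
        if literal[i] == "\\":
            i += 2            # skip whatever the backslash escapes
            continue
        if literal[i] == "'":
            return True
        i += 1
    return False


# --- CVE-2007-0107 pattern: escape, then decode the charset ----------------

def escaped_value_vulnerable(raw: bytes, charset: str) -> str:
    """Pre-2.0.6 ordering as the entry describes it (assumed to behave like
    addslashes followed by an mb_convert_encoding-style conversion):
    escape the raw bytes first, convert afterwards."""
    escaped = addslashes(raw.decode("latin-1"))        # sees "+ACc-", no quote
    return escaped.encode("latin-1").decode(charset)   # "+ACc-" is now "'"


def escaped_value_fixed(raw: bytes, charset: str) -> str:
    """Correct ordering: normalise to the connection charset first, then
    escape exactly the string the database will receive."""
    return addslashes(raw.decode(charset))


# --- CVE-2007-0106 pattern: link rebuilt from unescaped variable names -----

def verify_link_vulnerable(params: dict) -> str:
    """Rebuild the failed request as a confirmation link, escaping values
    but not names (the bug class the entry describes)."""
    qs = "&".join(f"{k}={html.escape(v)}" for k, v in params.items())
    return f'<a href="/wp-admin/post.php?{qs}">Please try again</a>'


def verify_link_fixed(params: dict) -> str:
    """Percent-encode names and values, then HTML-escape the attribute."""
    qs = urlencode(params)
    return f'<a href="/wp-admin/post.php?{html.escape(qs)}">Please try again</a>'


def injected_markup(link: str) -> bool:
    """Crude check: an intact link has exactly the two quotes around href
    and carries no script tag."""
    return link.count('"') != 2 or "<script" in link.lower()


if __name__ == "__main__":
    # Constructed trackback title; "+ACc-" is UTF-7 for a single quote.
    title = b"A+ACc- OR 1=1 -- "
    print(repr(escaped_value_vulnerable(title, "utf-7")))
    print(repr(escaped_value_fixed(title, "utf-7")))

    # Constructed query string whose *name* carries the payload.
    evil = {"action": "delete", '"><script>alert(1)</script><x y="': "1"}
    print(verify_link_vulnerable(evil))
    print(verify_link_fixed(evil))
```

Running it prints the vulnerable literal with a bare quote (A' OR 1=1 -- ) beside the fixed one (A\' OR 1=1 -- ), and a confirmation link with an injected script element beside one where the name is percent-encoded. The check a practitioner wants from this is the ordering rule: every escaper must run on the bytes the consumer will actually interpret, so charset conversion precedes SQL escaping, and URL encoding precedes HTML escaping. For the SQL case, prepared statements remove the ordering question entirely.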