---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 4 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. Learn more / Download (instant access): http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: WordPress "cat" Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA29949 VERIFY ADVISORY: http://secunia.com/advisories/29949/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote SOFTWARE: WordPress 2.x http://secunia.com/product/6745/ DESCRIPTION: Sandor Attila Gerendi has discovered a vulnerability in WordPress, which can potentially be exploited by malicious users to compromise a vulnerable system. Input passed via the "cat" parameter to index.php is not properly sanitised in the "get_category_template()" function in wp-includes/theme.php before being used to include files in template-loader.php. This can be exploited to include arbitrary PHP files from local resources via directory traversal attacks. Successful exploitation allows execution of arbitrary PHP code, but requires privileges to store PHP files on an affected system and that WordPress is installed on a Windows platform. The vulnerability is confirmed in version 2.3.3. SOLUTION: Fixed in the SVN repository. http://trac.wordpress.org/changeset/7586 PROVIDED AND/OR DISCOVERED BY: Sandor Attila Gerendi ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------