Date: Wed, 25 Jan 2012 17:02:58 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Henri Salo <henri@...v.fi> Subject: Re: TWSL2012-002: Multiple Vulnerabilities in WordPress On 01/25/2012 08:31 AM, Henri Salo wrote: > FYI: http://seclists.org/fulldisclosure/2012/Jan/416 > > - Henri Uh correct me if I am wrong but these already have CVE's? From the link: Finding 1: PHP Code Execution and Persistent Cross Site Scripting Vulnerabilities via 'setup-config.php' page. CVE: CVE-2011-4899 Finding 2: Multiple Cross Site Scripting Vulnerabilities in 'setup-config.php' page CVE: CVE-2012-0782 Finding 3: MySQL Server Username/Password Disclosure Vulnerability via 'setup-config.php' page CVE: CVE-2011-4898 -- -- Kurt Seifried / Red Hat Security Response Team kseifried@...hat.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ