Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Jan 2012 17:02:58 -0700
From: Kurt Seifried <>
CC: Henri Salo <>
Subject: Re: TWSL2012-002: Multiple Vulnerabilities in WordPress

On 01/25/2012 08:31 AM, Henri Salo wrote:
> FYI:
> - Henri

Uh correct me if I am wrong but these already have CVE's? From the link:

Finding 1: PHP Code Execution and Persistent Cross Site Scripting
Vulnerabilities via 'setup-config.php' page.
CVE: CVE-2011-4899

Finding 2: Multiple Cross Site Scripting Vulnerabilities in
'setup-config.php' page
CVE: CVE-2012-0782

Finding 3: MySQL Server Username/Password Disclosure Vulnerability via
'setup-config.php' page
CVE: CVE-2011-4898


-- Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ