Date: Wed, 25 Jan 2012 17:02:58 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Henri Salo <henri@...v.fi> Subject: Re: TWSL2012-002: Multiple Vulnerabilities in WordPress On 01/25/2012 08:31 AM, Henri Salo wrote: > FYI: http://seclists.org/fulldisclosure/2012/Jan/416 > > - Henri Uh correct me if I am wrong but these already have CVE's? From the link: Finding 1: PHP Code Execution and Persistent Cross Site Scripting Vulnerabilities via 'setup-config.php' page. CVE: CVE-2011-4899 Finding 2: Multiple Cross Site Scripting Vulnerabilities in 'setup-config.php' page CVE: CVE-2012-0782 Finding 3: MySQL Server Username/Password Disclosure Vulnerability via 'setup-config.php' page CVE: CVE-2011-4898 -- -- Kurt Seifried / Red Hat Security Response Team kseifried@...hat.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.