Date: Thu, 26 Jan 2012 03:24:45 +0200
From: Henri Salo <henri@...v.fi>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: TWSL2012-002: Multiple Vulnerabilities in WordPress

On Wed, Jan 25, 2012 at 05:02:58PM -0700, Kurt Seifried wrote:
> On 01/25/2012 08:31 AM, Henri Salo wrote:
> > FYI: http://seclists.org/fulldisclosure/2012/Jan/416
> >
> > - Henri
>
> Uh correct me if I am wrong but these already have CVEs? From the link:
>
> Finding 1: PHP Code Execution and Persistent Cross Site Scripting
> Vulnerabilities via 'setup-config.php' page.
> CVE: CVE-2011-4899
>
> Finding 2: Multiple Cross Site Scripting Vulnerabilities in
> 'setup-config.php' page
> CVE: CVE-2012-0782
>
> Finding 3: MySQL Server Username/Password Disclosure Vulnerability via
> 'setup-config.php' page
> CVE: CVE-2011-4898

Yes you are correct. My point was to share this information with oss-security and the information being that WordPress is not going to fix these issues. Not everyone from oss-security is reading full-disclosure and still want to know security-related topics of open-source software and looking at the last posts of full-disclosure I don't wonder why :)

- Henri Salo