Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Jan 2013 08:59:06 -0200
From: Henrique Montenegro <>
Subject: Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability

The issue can be seen only when PHP's display_errors is set to On.
I have setup a default installation of wordpress 3.5 to display the issue.
 It can be accessed via the URL:[]=1



On Mon, Jan 21, 2013 at 7:59 AM, Agostino Sarubbo <> wrote:

> On Monday 21 January 2013 00:11:54 Kurt Seifried wrote:
> > I can't get this to work anywhere. Does it require a specific theme or
> > configuration? Do you have details that can aid in reproduction?
> I can't reproduce too.
> --
> Agostino Sarubbo / ago -at-
> Gentoo Linux Developer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.