Date: Tue, 16 Dec 2014 19:23:39 +0200 From: Henri Salo <henri@...v.fi> To: "Larry W. Cashdollar" <larry0@...com> Cc: oss-security@...ts.openwall.com Subject: Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Dec 16, 2014 at 12:20:43PM -0500, Larry W. Cashdollar wrote: > When going to this plugin page (https://wordpress.org/plugins/db-backup/) I get : > > Whoops! > > We couldn't find that plugin. Maybe you were looking for one of these? Yes. This means that WordPress plugins team has disabled the plugin in WordPress Plugin Directory. Downloads are also disabled from WordPress admin panel for safety. You can still of course install the plugin from SVN. http://plugins.svn.wordpress.org/db-backup/trunk/ - -- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlSQapsACgkQXf6hBi6kbk8jfQCgkaJf9gwoL/P7CLIgp2ucuExf PzwAoManG8mJaMiTOryjFetzyZ+lKa5e =WGsS -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.