List: oss-security
Subject: Re: [oss-security] TWSL2012-002: Multiple Vulnerabilities in WordPress
From: Henri Salo <henri () nerv ! fi>
Date: 2012-01-26 1:24:45
Message-ID: 20120126012445.GA21847 () foo ! fgeek ! fi
On Wed, Jan 25, 2012 at 05:02:58PM -0700, Kurt Seifried wrote:
> On 01/25/2012 08:31 AM, Henri Salo wrote:
> > FYI: http://seclists.org/fulldisclosure/2012/Jan/416
> >
> > - Henri
>
> Uh correct me if I am wrong but these already have CVE's? From the link:
>
> Finding 1: PHP Code Execution and Persistent Cross Site Scripting
> Vulnerabilities via 'setup-config.php' page.
> CVE: CVE-2011-4899
>
> Finding 2: Multiple Cross Site Scripting Vulnerabilities in
> 'setup-config.php' page
> CVE: CVE-2012-0782
>
> Finding 3: MySQL Server Username/Password Disclosure Vulnerability via
> 'setup-config.php' page
> CVE: CVE-2011-4898
Yes, you are correct. My point was to share this information with oss-security and the
information being that WordPress is not going to fix these issues. Not everyone from
oss-security is reading full-disclosure and still want to know security-related topics of
open-source software and looking at the last posts of full-disclosure I don't wonder why :)
- Henri Salo