[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
From: Tavis Ormandy <taviso@xxxxxxxxxxxxx>
Date: Sat, 6 Jul 2013 09:32:28 -0700

"xxx" <ryandewhurst@xxxxxxxxx> wrote:

> (self promotion not intended, highlighting other issues in WordPress)
> 
> Check out WPScan for other such issues with WordPress that have existed
> for a long time but never patched. WordPress are aware of these issues but
> for whatever reason decided not to patch them.
> 
> http://wpscan.org/

Funny, your username broke gmane (a popular mail2nntp gateway).

http://thread.gmane.org/gmane.comp.security.full-disclosure/89782

I'll send a bug report to the maintainer.

Tavis.

-- 
-------------------------------------
taviso@xxxxxxxxxxxxx | pgp encrypted mail preferred
-------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
  - From: Sven Kieske
- Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
  - From: "><script>alert(1)</script>

Prev by Date: [Full-disclosure] [SECURITY] [DSA 2720-1] icedove security update
Next by Date: [Full-disclosure] DAVOSET v.1.0.9
Previous by thread: Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
Next by thread: Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
Index(es):
- Date
- Thread