|
Message-ID: <CAH_aqbtnoV+mqDSFc5i7Gj-Nswx+1Cc+YOhbLD3-ubjiq_oPxw@mail.gmail.com> Date: Mon, 21 Jan 2013 08:59:06 -0200 From: Henrique Montenegro <typoon@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability The issue can be seen only when PHP's display_errors is set to On. I have setup a default installation of wordpress 3.5 to display the issue. It can be accessed via the URL: http://blog.gilgalab.com.br/?s[]=1 Regards, Henrique On Mon, Jan 21, 2013 at 7:59 AM, Agostino Sarubbo <ago@...too.org> wrote: > On Monday 21 January 2013 00:11:54 Kurt Seifried wrote: > > I can't get this to work anywhere. Does it require a specific theme or > > configuration? Do you have details that can aid in reproduction? > > I can't reproduce too. > -- > Agostino Sarubbo / ago -at- gentoo.org > Gentoo Linux Developer >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.