Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20141216172339.GB31409@kludge.henri.nerv.fi>
Date: Tue, 16 Dec 2014 19:23:39 +0200
From: Henri Salo <henri@...v.fi>
To: "Larry W. Cashdollar" <larry0@...com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-2014-9119: DB Backup plugin for WordPress
 download.php file Parameter Remote Path Traversal File Access

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Dec 16, 2014 at 12:20:43PM -0500, Larry W. Cashdollar wrote:
> When going to this plugin page (https://wordpress.org/plugins/db-backup/) I get :
> 
> Whoops!
> 
> We couldn't find that plugin. Maybe you were looking for one of these?

Yes. This means that WordPress plugins team has disabled the plugin in WordPress
Plugin Directory. Downloads are also disabled from WordPress admin panel for
safety. You can still of course install the plugin from SVN.

http://plugins.svn.wordpress.org/db-backup/trunk/

- --
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlSQapsACgkQXf6hBi6kbk8jfQCgkaJf9gwoL/P7CLIgp2ucuExf
PzwAoManG8mJaMiTOryjFetzyZ+lKa5e
=WGsS
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.