oss-sec mailing list archives
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
From: Henrique Montenegro <typoon () gmail com>
Date: Mon, 21 Jan 2013 08:59:06 -0200
The issue can be seen only when PHP's display_errors is set to On. I have setup a default installation of wordpress 3.5 to display the issue. It can be accessed via the URL: http://blog.gilgalab.com.br/?s[]=1 Regards, Henrique On Mon, Jan 21, 2013 at 7:59 AM, Agostino Sarubbo <ago () gentoo org> wrote:
On Monday 21 January 2013 00:11:54 Kurt Seifried wrote:I can't get this to work anywhere. Does it require a specific theme or configuration? Do you have details that can aid in reproduction?I can't reproduce too. -- Agostino Sarubbo / ago -at- gentoo.org Gentoo Linux Developer
Current thread:
- CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique (Jan 20)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 20)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Agostino Sarubbo (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Giles Coochey (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henri Salo (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 21)
- Whats worth a CVE? Scott Herbert (Jan 21)
- Re: Whats worth a CVE? Eitan Adler (Jan 21)
- Re: Whats worth a CVE? Kurt Seifried (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Agostino Sarubbo (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 20)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Milan Berger (Jan 21)