Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress

2012-01-26 Thread Henri Salo
On Wed, Jan 25, 2012 at 04:13:12PM +, Benji wrote: Yes it does. wp-admin/setup-config.php?step=1 on any wp install where it exists gives this: The file 'wp-config.php' already exists one level above your WordPress installation. If you need to reset any of the configuration items in

Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress

2012-01-25 Thread Trustwave Advisories
-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress On Tue, Jan 24, 2012 at 04:09:16PM -0600, Trustwave Advisories wrote: Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https

Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress

2012-01-25 Thread Henri Salo
On Wed, Jan 25, 2012 at 08:43:34AM -0600, Trustwave Advisories wrote: The vendor was notified. They have chosen not to fix the issue at this time. The Vendor Response section has the details: Vendor Response: Due to the fact that the component in question is an installation script, the

Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress

2012-01-25 Thread Tim Brown
On Wednesday 25 Jan 2012 15:22:39 Henri Salo wrote: There are A LOT of these open installation pages on the Internet. It is not uncommon to leave those open by accident. Some people also do this because they just don't understand the risks. I am wondering if WordPress would apply a patch if we

Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress

2012-01-25 Thread Benji
Dear full-disclosure I wrote to you to tell you about serious serious vulnerability in all Windows versions. If you turn machine on before system is configured, then you be able to set user password yourself, big gaping hole I make big large botnet to fully utilise this impressive

Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress

2012-01-25 Thread Benji
Yes it does. wp-admin/setup-config.php?step=1 on any wp install where it exists gives this: The file 'wp-config.php' already exists one level above your WordPress installation. If you need to reset any of the configuration items in this file, please delete it first. On Wed, Jan 25, 2012 at

Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress

2012-01-25 Thread Julius Kivimäki
Funny but no, this does not need a non-installed wordpress. 2012/1/25 Benji m...@b3nji.com Dear full-disclosure I wrote to you to tell you about serious serious vulnerability in all Windows versions. If you turn machine on before system is configured, then you be able to set user password

[Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress

2012-01-24 Thread Trustwave Advisories
Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress (http://wordpress.org/) Product: WordPress Version affected: 3.3.1 and prior Product

Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress

2012-01-24 Thread Henri Salo
On Tue, Jan 24, 2012 at 04:09:16PM -0600, Trustwave Advisories wrote: Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress