oss-sec mailing list archives
Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access
From: Henri Salo <henri () nerv fi>
Date: Tue, 16 Dec 2014 19:23:39 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Dec 16, 2014 at 12:20:43PM -0500, Larry W. Cashdollar wrote:
When going to this plugin page (https://wordpress.org/plugins/db-backup/) I get : Whoops! We couldn't find that plugin. Maybe you were looking for one of these?
Yes. This means that WordPress plugins team has disabled the plugin in WordPress Plugin Directory. Downloads are also disabled from WordPress admin panel for safety. You can still of course install the plugin from SVN. http://plugins.svn.wordpress.org/db-backup/trunk/ - -- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlSQapsACgkQXf6hBi6kbk8jfQCgkaJf9gwoL/P7CLIgp2ucuExf PzwAoManG8mJaMiTOryjFetzyZ+lKa5e =WGsS -----END PGP SIGNATURE-----
Current thread:
- CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Henri Salo (Dec 16)
- Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Ryan Dewhurst (Dec 16)
- Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Larry W. Cashdollar (Dec 16)
- Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Henri Salo (Dec 16)
- Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Ryan Dewhurst (Dec 16)