| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <9516566B-9373-469C-8F6D-627EB45D163D@gmail.com> Date: Tue, 13 Nov 2007 18:47:32 -0800 From: Andrew Farmer <andfarm@...il.com> To: XSS Worm XSS Security Information Portal <cross-site-scripting-security@...worm.com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>, websecurity@...appsec.org Subject: *****SPAM***** [WEB SECURITY] Re: Wordpress 2.3 Cross Domain Content Insertion- New vulnerability + exploit - xssworm.com Spam detection software, running on the system "moonshine.electriccat.int", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: On 13 Nov 07, at 18:08, XSS Worm XSS Security Information Portal wrote: > We have looked at coding for wp-slimstat but we cannot see any > problem with > input validating. Maybe some of the xssworm.com readers can show us > where > problem is in the php code because we cannot see any porblem here: [...] Content analysis details: (7.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.3 TVD_RCVD_IP4 TVD_RCVD_IP4 1.6 TVD_RCVD_IP TVD_RCVD_IP 2.1 DNS_FROM_RFC_BOGUSMX RBL: Envelope sender in bogusmx.rfc-ignorant.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists