| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Nov 2007 18:47:32 -0800
From: Andrew Farmer <andfarm@...il.com>
To: XSS Worm XSS Security Information Portal
<cross-site-scripting-security@...worm.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
websecurity@...appsec.org
Subject: *****SPAM***** [WEB SECURITY] Re: Wordpress 2.3
Cross Domain Content Insertion- New vulnerability + exploit -
xssworm.com
Spam detection software, running on the system "moonshine.electriccat.int", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: On 13 Nov 07, at 18:08, XSS Worm XSS Security Information
Portal wrote: > We have looked at coding for wp-slimstat but we cannot see
any > problem with > input validating. Maybe some of the xssworm.com readers
can show us > where > problem is in the php code because we cannot see any
porblem here: [...]
Content analysis details: (7.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.3 TVD_RCVD_IP4 TVD_RCVD_IP4
1.6 TVD_RCVD_IP TVD_RCVD_IP
2.1 DNS_FROM_RFC_BOGUSMX RBL: Envelope sender in bogusmx.rfc-ignorant.org
Content of type "message/rfc822" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists