Open Source and information security mailing list archives
Date: Tue, 28 Aug 2012 11:50:15 +0300
From: Henri Salo <>
To: Jan van Niekerk <>
Subject: Re: cloudsafe365 for wordpress: file disclosure

On Tue, Aug 28, 2012 at 10:29:46AM +0200, Jan van Niekerk wrote:
> This wordpress security plugin lets you read arbitrary files on the
> system.  Looking at the code, there will be plenty of stuff like this.
> Demo:
> Disclosure timeline:
>  * Today: visit
>  * Try to report bug
>  * System wants login
>  * Visit web site: vendor has no e-mail address and stupid one-liner
> contact form and hidden name
>  * Stuff it, I'm not going to phone them

I can verify and report this. Could you list all the vulnerabilities you can find in the plugin? You can also contact address in case you find vulnerabilities in WordPress plugins in the future.

- Henri Salo

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -