http://larholm.com/2007/05/22/wordpress-0day-vulnerabilities/ Me, myself and I Wed, 19 Nov 2008 11:48:40 +0000 http://wordpress.org/?v=2.6.2 http://larholm.com/2007/05/22/wordpress-0day-vulnerabilities/#comment-40 Thor Larholm Tue, 22 May 2007 22:03:36 +0000 http://test.larholm.com/?p=10#comment-40 There's also a path disclosure in wp-trackback.php, mb_convert_encoding is called where you can specify an arbitrary $charset. There’s also a path disclosure in wp-trackback.php, mb_convert_encoding is called where you can specify an arbitrary $charset.

]]> http://larholm.com/2007/05/22/wordpress-0day-vulnerabilities/#comment-39 Thor Larholm Tue, 22 May 2007 21:49:07 +0000 http://test.larholm.com/?p=10#comment-39 Note to self: Don't use sendmail as the WordPress email application as you can inject commandline arguments Note to self:
Don’t use sendmail as the WordPress email application as you can inject commandline arguments

]]>