[VIM] [Change Request] 21910: WebDB Search Module search Variable SQL Injection (fwd)
security curmudgeon
jericho at attrition.org
Tue Mar 7 16:42:49 EST 2006
---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: Lois Software
Cc: moderators at osvdb.org
Date: Tue, 7 Mar 2006 16:42:14 -0500 (EST)
Subject: RE: [OSVDB Mods] [Change Request] 21910: WebDB Search Module search
Variable SQL Injection
Hey ,
Thanks for the detailed information. I'm going to review it later this
evening and figure out how best to handle it. It seems like this is
essentially a service, not a product, and as such would not meet our
criteria for inclusion in the database at all. Given that many other
databases have entries for it, we may keep it but add notes that explain
all of what you told me so it is clear to everyone.
I have also sent our mails (sanitized) to several other databases
(including CVE, SecurityTracker and others) so they can act on it
accordingly as well.
Thanks for taking the time to explain everything.
Brian
OSVDB.org
More information about the VIM
mailing list