[VIM] CVE-2007-3242 (fwd)

Steven M. Christey coley at linus.mitre.org
Wed Jun 20 20:12:57 UTC 2007


On Wed, 20 Jun 2007, security curmudgeon wrote:

> http://archives.neohapsis.com/archives/bugtraq/2007-06/0160.html
>
>   "There is a system access vulnerability in the Menu Manager Mod for
>    WebAPP."
>
> The original disclosure doesn't mention if it is the "real" WebAPP or the
> other one.

It does mention this, though:

  the vulnerability also exists in the "WebAPP NE" script that is being
  distributed from web-app.net


> It doesn't say if this is for WebAPP (from .net or .org).

Maybe this mod works on both, but then:

> Wait, the vulnerability was reported in a modular add-on to Web-App, why
> would the code be in your script, unless it was distributed with it?

Which is now my question, too, besides the one about the weird input
validation of only the first character.

- Steve


More information about the VIM mailing list