[VIM] Calendarix vendor inquiry sent

Steven M. Christey coley at linus.mitre.org
Tue Jun 7 00:00:50 EDT 2005



---------- Forwarded message ----------
Date: Mon, 6 Jun 2005 23:57:53 -0400 (EDT)
From: Steven M. Christey <coley at mitre.org>
To: webmaster at calendarix.com
Subject: Security vulnerabilities reported in Calendarix


Hello,

I am a computer security professional and the editor for the Common
Vulnerabilities and Exposures (CVE) project.  CVE is a list of
software vulnerabilities, and it is widely used in the computer
security industry.

Recently, several vulnerabilities in Calendarix were publicly reported
to a well-known security mailing list:

  BUGTRAQ:20050531 multiple vulnerability Calendarix Advanced
  URL:http://archives.neohapsis.com/archives/bugtraq/2005-05/0356.html


Additional information is at:

  URL:http://www.osvdb.org/16973
  URL:http://securitytracker.com/alerts/2005/May/1014083.html
  URL:http://secunia.com/advisories/15569

Is this vulnerability report accurate?  If so, then is the problem
fixed, and in which versions?

Note that I downloaded the demo version of Calendarix Advanced, and
based on inspection of the source code, the reported issues seem to be
legitimate for certain common PHP configurations.


Thank you,
Steve Christey
CVE Editor
Principal Information Security Engineer
The MITRE Corporation


More information about the VIM mailing list