[VIM] PROMS issues - partial clarity in the changelog
Steven M. Christey
coley at linus.mitre.org
Tue May 24 19:19:42 EDT 2005
On Tue, 24 May 2005, security curmudgeon wrote:
> Also historically, I dug out two more entries:
>
> 16713 PROMS Unauthorized Action Link Disclosure Aug 28, 2003
This is probably the following from Thu Aug 28 20:11:06 CEST 2003:
* Security: Action links are now only shown if the user is authorized to
perform the actions.
> 16712 PROMS Unspecified SESSION ID Privilege Escalation Aug 10, 2003
Sun Aug 10 16:00:17 CEST 2003:
* Fixed serious security bug due to non-usage of $_SESSION[].
... whatever THAT means, I'm not versed in all the subtleties of PHP.
- Steve
More information about the VIM
mailing list