[VIM] Re: Diabolic Crab history
security curmudgeon
jericho at attrition.org
Wed May 25 01:23:48 EDT 2005
: The tarinasworld example is already noted with a question mark in CVE
: (CAN-2005-0994), but thanks for the info on storelocator_submit.asp not
: being in ProductCart (CAN-2005-0995). I've since updated CAN-2005-0995
: accordingly.
tarinasworld is due to him auditing a live site and finding a
vulnerability on it.. something that he, Lostmon and several others are
doing frequently. this is a real bother to me as many of the
vulnerabilities may be found in modified/custom versions like we've seen.
so the tarinasworld issue he reported is only vulnerable on a single site
on the net probable. being site specific, we don't include it.
if the vulnerability lies in the journal code distributed with the
package, he didn't clearly identify that.
More information about the VIM
mailing list