[VIM] PROMS issues - partial clarity in the changelog
security curmudgeon
jericho at attrition.org
Wed May 25 01:34:04 EDT 2005
: > Also historically, I dug out two more entries:
: >
: > 16713 PROMS Unauthorized Action Link Disclosure Aug 28, 2003
:
: This is probably the following from Thu Aug 28 20:11:06 CEST 2003:
:
: * Security: Action links are now only shown if the user is authorized to
: perform the actions.
:
: > 16712 PROMS Unspecified SESSION ID Privilege Escalation Aug 10, 2003
:
: Sun Aug 10 16:00:17 CEST 2003:
:
: * Fixed serious security bug due to non-usage of $_SESSION[].
:
: ... whatever THAT means, I'm not versed in all the subtleties of PHP.

Yep, those were the two changelog entries that prompted the osvdb entries.
The second one I have seen in other changelogs, most of which call it a
serious security issue (or critical, or major..).