[VIM] Re: [Change Request] 15738 WebApp E-Cart index.cgi art Parameter Arbitrary Command Execution
security curmudgeon
jericho at attrition.org
Sun May 29 16:29:56 EDT 2005
Hi Brad,
: The link: http://www.osvdb.org/displayvuln.php?osvdb_id=15738 falsely
: states that the Nasrani Software Foundation is the vendor of the
: software mentioned with a vulnerability. This is inaccurate and we
: would appreciate that the information on your Site be updated accurately
: as soon as possible. The software is connected with http://web-app.org/
: instead of the Nasrani Software Foundation. The Nasrani Software
: Foundation is the vendor of a PHP program called WebApp PHP, but not the
: Perl version associated with the vulnerable software mentioned in your
: security notice.
The original disclosure point on this issue was:
http://archives.neohapsis.com/archives/bugtraq/2005-04/0388.html
The vulnerability researcher says the vendor is located at:
http://www.yazaport.com/kadfors/kwamd/mods/ecart/index.cgi
When visiting the vendor link, I am redirected to:
http://www.nasranisoft.org/en/
The researcher says the vulnerability is in "E-Cart 2004 v1.1".
Web-app.org doesn't appear to have a product called that, and their
product is at version 0.9.9.2.1. The Nasrani page shows WebApp PHP Version
1.0 as the current version.
So that leaves me wondering, who exactly created E-Cart 2004 v1.1 if not
Web-APP or Nasrani =)
I am removing Nasrani from OSVDb 15738 for now while I try to research who
the vendor is. Thanks for bringing this to our attention!
Brian
OSVDB.org