[VIM] Revisiting The Past

George A. Theall theall at tenablesecurity.com
Wed Aug 9 10:53:54 EDT 2006

Can anyone tell me the difference between:

  http://echo.or.id/adv/adv16-theday-2005.txt (the 1st SQL injection)

The first seems to be reflected in CVE-2005-1967, and OSVDB 17329; the
latter in CVE-2005-2445, OSVDB 18508. And to further muddy things, BID
13881 credits Dedi Dwianto but provides a reference to Dcrab's advisory.

Unless I'm missing something, both appear to cover the same app /
version / script / parameter / issue. [NB: Bugtraq and OSVDB do say
Product Cart 2.7 is affected, but Dwianto's advisory states "version : <
2.7", at least as I look at it right now.]

theall at tenablesecurity.com
