[VIM] Revisiting The Past
George A. Theall
theall at tenablesecurity.com
Wed Aug 9 10:53:54 EDT 2006
Can anyone tell me the difference between:
http://echo.or.id/adv/adv16-theday-2005.txt (the 1st SQL injection)
http://archives.neohapsis.com/archives/bugtraq/2005-07/0521.html
The first seems to be reflected in CVE-2005-1967, and OSVDB 17329; the
latter in CVE-2005-2445, OSVDB 18508. And to further muddy things, BID
13881 credits Dedi Dwianto but provides a reference to Dcrab's advisory.
Unless I'm missing something, both appear to cover the same app /
version / script / parameter / issue. [NB: Bugtraq and OSVDB do say
Product Cart 2.7 is affected, but Dwianto's advisory states "version : <
2.7", at least as I look at it right now.]
George
--
theall at tenablesecurity.com