[VIM] vendor ack for "mambo-phphop Product Scroller Module R.F.I"
security curmudgeon
jericho at attrition.org
Thu Aug 24 06:11:26 EDT 2006
Man, I'm on a roll.
: First, looking at the files listed in the disclosure vs the files
: available in the full VirtueMart package:
: http://forge.joomla.org/sf/frs/do/viewRelease/projects.virtuemart/frs.virtuemart.virtuemart_1_0_6
:
: We see the files from the advisory in the various sub packages. So looks
: like we have the product in question. Now..
Most are there, but not all. So maybe this affects an older version of
mambo-phpShop and the derived VirtueMart, but not for each file. First the
list of files declared vulnerable, second the subpackage in VirtueMart
that contains it.
mod_phpshop.php               [4]
mod_phpshop_allinone.php      [3]
mod_phpshop_cart.php          [5]
mod_phpshop_featureprod.php   [2]
mod_phpshop_latestprod.php    [1]
mod_product_categories.php    mod_product_categories_1.0.6.tar.gz
mod_productscroller.php       mod_productscroller_1.0.6.tar.gz
mosproductsnap.php            modproductsnap_1.0.6.tar.gz
[1] mod_virtuemart_latestprod.php in mod_virtuemart_latestprod_1.0.6.tar.gz
[2] mod_virtuemart_featureprod.php in mod_virtuemart_featureprod_1.0.6.tar.gz
[3] mod_virtuemart_allinone.php in mod_virtuemart_allinone_1.0.6.tar.gz
[4] mod_virtuemart.php in mod_virtuemart_1.0.6.tar.gz
[5] mod_virtuemart_cart.php in mod_virtuemart_cart_1.0.6.tar.gz
So the first three files I looked at were in there verbatim and I made the
assumption it was the same package. In reality, 3 of 8 were in there, but
everything suggests the derived product may be vulnerable and even have
more components that could be affected.