[VIM] vendor ack for "mambo-phphop Product Scroller Module R.F.I"
jericho at attrition.org
Thu Aug 24 06:11:26 EDT 2006
Man, I'm on a roll.
: First, looking at the files listed in the disclosure vs the files
: available in the full VirtueMart package:
: We see the files from the advisory in the various sub packages. So looks
: like we have the product in question. Now..
Most are there, but not all. So maybe this affects an older version of
mambo-phpShop and the derived VirtueMart, but not for each file. First the
list of files declared vulnerable, second the subpackage in VirtueMart
that contains it.
 mod_virtuemart_latestprod.php in mod_virtuemart_latestprod_1.0.6.tar.gz
 mod_virtuemart_featureprod.php in mod_virtuemart_featureprod_1.0.6.tar.gz
 mod_virtuemart_allinone.php in mod_virtuemart_allinone_1.0.6.tar.gz
 mod_virtuemart.php in mod_virtuemart_1.0.6.tar.gz
 mod_virtuemart_cart.php in mod_virtuemart_cart_1.0.6.tar.gz
So the first three files I looked at were in there verbatim and I made the
assumption it was the same package. In reality, 3 of 8 were in there, but
everything suggests the derived product may be vulnerable and even have
more components that could be affected.