[VIM] Vendor ACK for MyQuiz

Steven M. Christey coley at linus.mitre.org
Thu Feb 9 23:56:11 EST 2006

alex at evuln said vendor fixed, but the acknowledgement was too vague, so I
double-checked with the vendor.

vendor responded within minutes of my initial request.

- Steve

---------- Forwarded message ----------
Date: Thu, 09 Feb 2006 22:48:20 -0600
From: Dale Ray
To: coley at mitre.org
Subject: Re: Security vulnerability in MyQuiz

To the best of my knowledge YES the issue is fixed. I did this using
whitelist data entry testing. If any character that is not valid input is
in the URL calling the script the script aborts with an error message.

But - the only way for you to be sure of this is for you to test the
script yourself. You should never trust anything you download from the

*********** START QUOTE  ***********

> On 2/9/2006 at 11:34 PM coley at mitre.org wrote:

>Somebody claiming to be Steve Christey wrote:
>I am a computer security professional for the CVE project, which is
>sponsored by the Department of Homeland Security to assign standard
>identifiers for security vulnerabilities (http://www.us-cert.gov/cve/,
>Recently, some security vulnerability information about your product
>was posted here:
>  http://www.evuln.com/vulns/57/summary.html
>The researcher says that you fixed the issue in version 2.0, but your
>acknowledgement does not provide enough details to be sure that you are
>fixing the vulnerability identified above.
>So... did 2.0 fix the issue above?
>Thank you,
>Steve Christey
>Principal Information Security Engineer
>CVE Editor
>The MITRE Corporation

*********** END QUOTE  ***********

More information about the VIM mailing list