[VIM] ListMessenger dispute CVE-2006-3692

Stuart Moore smoore at securityglobal.net
Tue Jul 25 23:16:33 EDT 2006


Hi,

Matt Simpson (author of ListMessenger) wrote to say that the xoron 
posting regarding an include file vuln in ListMessenger is false.

He pointed to line 26 of listmessenger.php:

$lm_path = "/my/full/path/to/listmessenger/directory/";

Code inspection confirms that lm_path is defined to be a local file 
before it is used in any include statement.

Perhaps this is a site-specific bug.  Sound familiar?

We've asked xoron for clarification.

Stuart



http://securitytracker.com/id?1016530
CVE-2006-3692
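
The code inspection described in the message can be approximated with a small script, shown here as an added example that is not part of the original post or of ListMessenger's code: it flags variables used in include/require statements that were not assigned a plain string literal earlier in the file. The sample sources, the `config.inc.php` file name and the function name `audit_includes` are constructed for illustration; the check is flat and line-based and does not model branches or function scope.

```python
import re

# Constructed sample modelled on the line quoted in the message; the
# require_once line and config.inc.php are assumptions, not ListMessenger source.
ASSIGNED_FIRST = '''<?php
$lm_path = "/my/full/path/to/listmessenger/directory/";
require_once($lm_path . "includes/config.inc.php");
'''

# Constructed counter-example: the same include with no prior assignment.
UNASSIGNED = '''<?php
require_once($lm_path . "includes/config.inc.php");
'''

# One include/require statement on a single line (multi-line ones are missed).
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b[^;]*;')
VAR_RE = re.compile(r'\$([A-Za-z_]\w*)')
# $name = "literal";  or  $name = 'literal';  with no interpolated variable.
LITERAL_ASSIGN_RE = re.compile(
    r'''\$([A-Za-z_]\w*)\s*=\s*(?:"[^"$]*"|'[^']*')\s*;''')


def audit_includes(php_source):
    """Return (line_no, variable, status) for each variable in an include.

    status is 'literal-before-use' when the variable was assigned a plain
    string literal on an earlier line, otherwise
    'no-prior-literal-assignment', meaning it needs manual review.
    """
    assigned, findings = set(), []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        # Skip whole-line comments so commented-out code is not counted.
        if line.lstrip().startswith(('//', '#', '*', '/*')):
            continue
        for stmt in INCLUDE_RE.finditer(line):
            for name in VAR_RE.findall(stmt.group(0)):
                status = ('literal-before-use' if name in assigned
                          else 'no-prior-literal-assignment')
                findings.append((line_no, name, status))
        # Record assignments after checking, so same-line use is not excused.
        assigned.update(LITERAL_ASSIGN_RE.findall(line))
    return findings


if __name__ == '__main__':
    for label, src in (('assigned first', ASSIGNED_FIRST),
                       ('unassigned', UNASSIGNED)):
        print(label, audit_includes(src))
```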



