[VIM] ListMessenger dispute CVE-2006-3692

Stuart Moore smoore at securityglobal.net
Tue Jul 25 23:16:33 EDT 2006


Matt Simpson (author of ListMessenger) wrote to say that the xoron 
posting regarding an include file vuln in ListMessenger is false.

He pointed to line 26 of listmessenger.php:

$lm_path = "/my/full/path/to/listmessenger/directory/";

Code inspection confirms that lm_path is defined to be a local file 
before it is used in any include statement.

Perhaps this is a site-specific bug.  Sound familiar?

We've asked xoron for clarification.
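
The code inspection described in this message, as an added example (not part of the original post and not ListMessenger code): a line-based Python triage check that reports whether each variable used in a PHP include/require was assigned a plain string literal earlier in the file. The sample sources are constructed and the include target `includes/config.inc.php` is a hypothetical name; the check ignores control flow, so it supports manual review rather than replacing it.

```python
import re

# Constructed sample modelled on the line quoted in the post; the include
# target "includes/config.inc.php" is a hypothetical file name.
SAMPLE_FIXED = '''<?php
$lm_path = "/my/full/path/to/listmessenger/directory/";
require_once($lm_path . "includes/config.inc.php");
'''

# Constructed counter-example: same include, but the assignment is missing.
SAMPLE_UNSET = '''<?php
require_once($lm_path . "includes/config.inc.php");
'''

# $var = "literal";  (quoted string with no $ interpolation)
ASSIGN_LITERAL = re.compile(r'^\s*\$(\w+)\s*=\s*(["\'])(?:(?!\2)[^\\$]|\\.)*\2\s*;')
# $var = <anything>  (but not a == comparison)
ASSIGN_ANY = re.compile(r'^\s*\$(\w+)\s*=(?!=)')
INCLUDE_STMT = re.compile(r'\b(?:include|require)(?:_once)?\b\s*\(?\s*([^;]*);')
VARIABLE = re.compile(r'\$(\w+)')


def audit_includes(php_source):
    """Return (line_no, variable, status) for each variable used in an include."""
    literal_vars = set()  # variables whose latest assignment is a string literal
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # skip comment lines
        literal = ASSIGN_LITERAL.match(line)
        if literal:
            literal_vars.add(literal.group(1))
            continue
        other = ASSIGN_ANY.match(line)
        if other:
            # Reassigned from a non-literal expression: no longer known-fixed.
            literal_vars.discard(other.group(1))
            continue
        for inc in INCLUDE_STMT.finditer(line):
            for var in VARIABLE.findall(inc.group(1)):
                fixed = var in literal_vars
                status = "literal-before-use" if fixed else "not-fixed-before-use"
                findings.append((line_no, var, status))
    return findings


if __name__ == "__main__":
    for name, src in (("fixed", SAMPLE_FIXED), ("unset", SAMPLE_UNSET)):
        print(name, audit_includes(src))
```

A `not-fixed-before-use` result only marks an include for closer review; whether it is reachable with an externally supplied value depends on the rest of the code and the PHP configuration.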



