[VIM] Deja Vu: phpMyNewsletter <= 0.6.12 (l) Remote File Include Exploit

str0ke str0ke at milw0rm.com
Wed Apr 4 14:30:24 UTC 2007


George,

Appreciate the info, changing the author and the script to reflect who
the original finder was.

/str0ke

On 4/4/07, George A. Theall <theall at tenablesecurity.com> wrote:
> Hey str0ke, this (milw0rm 3658) looks like a repeat of an issue reported
> back in 2002 and covered by CVE-2002-1887 / Bugtraq ID 5886:
>
>    http://archives.neohapsis.com/archives/bugtraq/2002-10/0060.html
>    http://archives.neohapsis.com/archives/bugtraq/2003-02/0074.html
>
> The first original message was for version 0.6.10. The second is for
> 0.6.11, which contains a brain-damaged attempt to fix the issue.
>
> Also note that the vendor link in milw0rm 3658 is actually for the
> 0.6.10 code even though bd0rk talks about 0.6.12 in the advisory.
>
> George
> --
> theall at tenablesecurity.com
>

