[VIM] Bogus RFI Reports Getting Out of Hand

security curmudgeon jericho at attrition.org
Mon Jan 8 02:02:48 EST 2007


I know we're all getting tired of them, but this one takes the cake so 
far.

Fri Jun 16 2006
http://archives.neohapsis.com/archives/bugtraq/2006-06/0321.html
(1) path/action.php, and to files in path/nucleus including (2) media.php, 
(3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php

Sat Jun 17 2006
http://archives.neohapsis.com/archives/bugtraq/2006-06/0447.html
Demonstrated that the vulnerability is bogus.

Mon Oct 30 2006
http://archives.neohapsis.com/archives/bugtraq/2006-10/0486.html
media.php

Mon Oct 30 2006
http://archives.neohapsis.com/archives/bugtraq/2006-10/0501.html
Demonstrated (again) that the vulnerability is bogus.

So not only is it fake, it was previously disclosed and debunked, and 
these people still don't get it...

I swear, Bugtraq moderators should seriously consider blocking any RFI 
disclosure from hotmail.com. Would save us a lot of time.

