[VIM] Bogus RFI Reports Getting Out of Hand
security curmudgeon
jericho at attrition.org
Mon Jan 8 02:02:48 EST 2007
I know we're all getting tired of them, but this one takes the cake so
far.

Fri Jun 16 2006
http://archives.neohapsis.com/archives/bugtraq/2006-06/0321.html
(1) path/action.php, and to files in path/nucleus including (2) media.php,
(3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php

Sat Jun 17 2006
http://archives.neohapsis.com/archives/bugtraq/2006-06/0447.html
Demonstrated that the vulnerability is bogus.

Mon Oct 30 2006
http://archives.neohapsis.com/archives/bugtraq/2006-10/0486.html
media.php

Mon Oct 30 2006
http://archives.neohapsis.com/archives/bugtraq/2006-10/0501.html
Demonstrated (again) that the vulnerability is bogus.

So not only is it fake, it was previously disclosed and debunked, and
these people still don't get it...

I swear, Bugtraq moderators should seriously consider blocking any RFI
disclosure from hotmail.com. Would save us a lot of time.