[VIM] Bogus RFI Reports Getting Out of Hand
bugtraq at cgisecurity.net
bugtraq at cgisecurity.net
Mon Jan 8 02:00:40 EST 2007
> Fri Jun 16 2006
> http://archives.neohapsis.com/archives/bugtraq/2006-06/0321.html
> (1) path/action.php, and to files in path/nucleus including (2) media.php,
> (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php
>
> Sat Jun 17 2006
> http://archives.neohapsis.com/archives/bugtraq/2006-06/0447.html
> Demonstrated that the vulnerability is bogus.
>
> Mon Oct 30 2006
> http://archives.neohapsis.com/archives/bugtraq/2006-10/0486.html
> media.php
>
> Mon Oct 30 2006
> http://archives.neohapsis.com/archives/bugtraq/2006-10/0501.html
> Demonstrated (again) that the vulnerability is bogus.
>
> So not only is it fake, it was previously disclosed and debunked, and
> these people still don't get it...
>
> I swear, Bugtraq moderators should seriously consider blocking any RFI
> disclosure from hotmail.com. Would save us a lot of time.
>
Should the moderators be performing analysis of each post in detail before allowing it to post? I'm thinking this would
drag out the postings to the point of being lagged weeks behind the other lists. Have you considered making a
list of bogus vuln authors and forwarding them to the list moderators?
BTW I really like what you guys are doing.
- zeno
http://www.cgisecurity.com/
More information about the VIM
mailing list