[VIM] CVE-2007-3242 (fwd)

str0ke str0ke at milw0rm.com
Wed Jun 20 20:17:37 UTC 2007


Let me get this right.

web-app.org is the real product?
web-app.net is the copy product?

Checking the first character only was pretty funny :)

/str0ke

On 6/20/07, Steven M. Christey <coley at linus.mitre.org> wrote:
>
> On Wed, 20 Jun 2007, security curmudgeon wrote:
>
> > http://archives.neohapsis.com/archives/bugtraq/2007-06/0160.html
> >
> >   "There is a system access vulnerability in the Menu Manager Mod for
> >    WebAPP."
> >
> > The original disclosure doesn't mention if it is the "real" WebAPP or the
> > other one.
>
> It does mention this, though:
>
>   the vulnerability also exists in the "WebAPP NE" script that is being
>   distributed from web-app.net
>
>
> > It doesn't say if this is for WebAPP (from .net or .org).
>
> Maybe this mod works on both, but then:
>
> > Wait, the vulnerability was reported in a modular add-on to Web-App, why
> > would the code be in your script, unless it was distributed with it?
>
> Which is now my question, too, besides the one about the weird input
> validation of only the first character.
>
> - Steve
>

