[VIM] [Fwd: SPAW Editor PHP Edition]
security curmudgeon
jericho at attrition.org
Fri Mar 2 19:22:18 EST 2007
: By the way, it's been on my to-do list to investigate other disclosures
: involving $spaw_root in other products; looks like SPAW Editor is
: included in other products.
From: security curmudgeon <jericho at attrition.org>
To: OSVDB Mods <moderators at osvdb.org>
Cc: Steven Christey <coley at mitre.org>
Date: Mon, 27 Nov 2006 06:37:24 -0500 (EST)
Reply-To: moderators at osvdb.org
Subject: [OSVDB Mods] omg omg SPAW
I sent this mail out just days before I got slammed with work and never
got around to looking at it in more detail. This was specifically over
spaw_control.class.php being found vulnerable in a number of packages.
: CVE-2006-5459 - Download-Engine
: CVE-2006-5291 - Download-Engine
: CVE-2006-4656 - Web Provence SL_Site
: CVE-2006-2928 - CMS-Bandits
: CVE-2006-2519 - phpwcms
OSVDB 26368
AWF CMS spaw_control.class.php spaw_root Variable Remote File Inclusion
OSVDB 18155
Website Generator spaw_control.class.php Direct Request Path Disclosure