[VIM] [Fwd: SPAW Editor PHP Edition]
Steven M. Christey
coley at linus.mitre.org
Fri Mar 2 21:58:23 EST 2007
> From: security curmudgeon <jericho at attrition.org>
> To: OSVDB Mods <moderators at osvdb.org>
> Cc: Steven Christey <coley at mitre.org>
> Date: Mon, 27 Nov 2006 06:37:24 -0500 (EST)
> Subject: [OSVDB Mods] omg omg SPAW
Wow, I barely remember that email. I must admit that we have some issues
with "institutional memory," e.g. codebase relationships, which CVE's need
some kind of tweak, etc.
> OSVDB 26368
> AWF CMS spaw_control.class.php spaw_root Variable Remote File Inclusion
>
> OSVDB 18155
> Website Generator spaw_control.class.php Direct Request Path Disclosure
Path disclosure eh? Smells like insufficient diagnosis to me :)
- Steve
More information about the VIM
mailing list