[VIM] arfis: automated grep-and-gripe

str0ke str0ke at milw0rm.com
Tue Sep 18 19:27:41 UTC 2007


I received a bunch of these as well.  Out of 8 or so that were
submitted, 2 were actual vulnerabilities.  1 of those 2 was already
CVE'ed in 2005.


Steven M. Christey wrote:
> Hey Jericho,
> Turns out that all our lost sleep was not in vain.
>   the "arfis project", a simple perl script. It automatically
>   downloads and extracts PHP projects from sourceforge.net and checks
>   for Remote File Inclusion vulnerabilities. It then posts the
>   potential (now it's -potential-, cause the script is in an early
>   stadium) vuln to this blog.
>   http://arfis.wordpress.com/
> CVE has picked up some of these and disputed a chunk of 'em, but some
> appear legit.  At this instant, I'm of the mindset of de-prioritizing
> them as unreliable, but neither do I like the upward trend of
> increasing numbers of disputes.
> - Steve

