[VIM] Bugtraq IDs 32763 and 42836

rkeith rkeith at securityfocus.com
Tue Sep 21 13:30:26 CDT 2010


I agree, looks like the only 'name' is in a new guestbook entry. We will be retiring 42836 shortly.

Thanks again, George.

-Rob

George A. Theall wrote:
> It seems like Bugtraq ID 42836 covers one of the vulnerabilities in
> Max's Guestbook already covered by Bugtraq ID 32763 -- failure to
> sanitize input to the 'name' parameter.
> 
> While the newer BID talks about this parameter in "the 'Comment'
> section", I'm not clear what that is or if it's different from a
> guestbook message itself. I don't find mention of 'comment' in the PHP
> code. Nor do I see it in any live sites I've looked at.
> 
> Rob?
> 
> 
> George


