[VIM] Vendor dispute of OSVDB 15313 / 15314

Steven M. Christey coley at linus.mitre.org
Mon Dec 5 12:27:03 EST 2005


Hrmmmmmmmm, interesting.  The researcher was Diabolic Crab.

Last week there was a vendor that disputed a r0t-reported issue but when I
pointed out the information leak aspects of the problem under some PHP
configs, the vendor agreed (it was a path-disclosure on error due to a bad
type of value in SQL query).  Maybe this is the same thing.

I wonder if this is another error-on-bad-SQL-value-type.

- Steve


On Mon, 5 Dec 2005, security curmudgeon wrote:

>
>
> OSVDB 15314 = CVE 2005-1032, Secunia 14857, SecTrack 1013658
>
>
> ---------- Forwarded message ----------
> From: Qualiteam alliances <alliance at qualiteam.biz>
> To: moderators at osvdb.org
> Date: Mon, 5 Dec 2005 15:03:02 +0300
> Subject: [OSVDB Mods] 15313,15314
>
> Hello OSVDB,
>
> My name is Mickael, I am marketing manager at Qualiteam, the seller of
> LiteCommerce software. I write in regard of reports published at
>
> http://www.osvdb.org/displayvuln.php?osvdb_id=15313
> http://www.osvdb.org/displayvuln.php?osvdb_id=15314
>
> These reports are credited to a malicious person we refused to hire. We have
> not taken legal action against him only because he is located in India.
> The vulnerabilities reported can not be reproduced, hence information you
> provide is contrary to fact and, moreover, is harming our business. Please
> remove it ASAP.
>
> Regards,
> --
> Mickael Bazhutin
> marketing manager
>
> QUALITEAM.BIZ                 [web sites] http://www.qualiteam.biz/
> Glavpochtamt, p/o box 5152.   [ phone  ] +7 8422 429038  (9:00-18:00 GMT +3)
> 432072 Ulyanovsk, Russia      [ fax    ]  1 270 568 5165
>

