[VIM] Vendor ACK for LocazoList 1.03c SQL injection

Steven M. Christey coley at mitre.org
Tue Dec 13 00:17:25 EST 2005


http://locazo.net:81/applications/

  SQL Injection Vulnerability found in "searchdb.asp" in versions
  1.03c and prior. Please update to 1.04d as soon as possible or
  re-download the entire package.


Note: no mention of XSS.  Source code inspection suggests a
possibility of an XSS "fix" but not proof.

- Steve

