[VIM] TinyMCE advisory question (fwd)

security curmudgeon jericho at attrition.org
Fri Dec 30 18:57:18 EST 2005

: TinyMCE isn't what he's referring to.  It seems the compressor is an 
: optional seperate package?  The advisory specifically names Compressor 
: as being vulnerable.  Indeed, on the front page of the vendor's site 
: (tinymce.moxiecode.com) is the following:
: "Critical update of TinyMCE Compressor (PHP)
: A possible security issue has been found with the TinyMCE Compressor 
: (PHP), we urge you to upgrade to 1.05 version as soon as possible! 
: Thanks to Stefan Esser (http://www.hardened-php.net) for reporting this 
: issue."

Duh, not sure why/how I missed that =) Explains everything. Thanks!


More information about the VIM mailing list